CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.tendacn.com/product/F3	Product
https://www.vulncheck.com/advisories/tenda-f3-plaintext-credential-exposure-in-configuration-download	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-23 17:23

Updated : 2026-02-23 20:11

NVD link : CVE-2026-27514

Mitre link : CVE-2026-27514

CVE.ORG link : CVE-2026-27514

JSON object : View

Products Affected

tenda

f3_firmware
f3

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

CWE-525

Use of Web Browser Cache Containing Sensitive Information

{"id": "CVE-2026-27514", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-23T17:23:30.087", "references": [{"url": "https://www.tendacn.com/product/F3", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/tenda-f3-plaintext-credential-exposure-in-configuration-download", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-201"}, {"lang": "en", "value": "CWE-525"}]}], "descriptions": [{"lang": "en", "value": "Shenzhen Tenda F3 Wireless Router\u00a0firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data."}, {"lang": "es", "value": "El firmware V12.01.01.55_multi del Router inal\u00e1mbrico Shenzhen Tenda F3 contiene una vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible en la funcionalidad de descarga de configuraci\u00f3n. La respuesta de descarga de configuraci\u00f3n incluye la contrase\u00f1a del router y la contrase\u00f1a de administraci\u00f3n en texto plano. El endpoint tambi\u00e9n omite directivas Cache-Control apropiadas, lo que puede permitir que la respuesta sea almacenada en cach\u00e9s del lado del cliente y recuperada por otros usuarios locales o procesos con acceso a datos de navegador en cach\u00e9."}], "lastModified": "2026-02-23T20:11:48.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:f3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C94698A5-D2EE-45CD-AB06-4BD30F252920", "versionEndIncluding": "12.01.01.55_multi"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE9480BB-FC48-4614-A003-A991109FBCAF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclosure@vulncheck.com"}