CVE-2026-22079

CVSS v4.0

8.7

Vector

AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router

Description The routers transmit login credentials in plaintext during the initial login or after a factory reset through the web-based administrative interface. An attacker on the same network can intercept network traffic and capture these credentials. Successful exploitation could allow an attacker to gain unauthorized access to the device and obtain sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

BDU:2026-00881

CVE-2026-22079

Affected Products

Tenda 300Mbps Wireless Router F3

Tenda N300 Easy Setup Router

CVE-2026-22079

Weakness Enumeration

Related Identifiers

Affected Products

References · 6