PT-2026-21529 · Tenda · Tenda F3 Wireless Router
Kazuma Matsumoto · Published 2026-02-23 · Updated 2026-02-24 · CVE-2026-27511
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi
Description
The web-based administrative interface does not set the X-Frame-Options header, which allows an attacker to embed administrative pages in an iframe. This can trick an authenticated administrator into performing unintended actions, potentially leading to unauthorized configuration changes. This is a clickjacking issue.
Recommendations
Apply a configuration that sets the X-Frame-Options header to prevent embedding the administrative interface in an iframe.
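To verify the recommendation after a configuration or firmware change, the response headers of the administrative pages can be checked for a framing restriction. The following is an added example, not vendor or advisory code; it goes beyond the advisory by also accepting the CSP frame-ancestors directive, and the sample response heads and function names are constructed for illustration.

```python
def parse_headers(raw_head):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw_head.split("\r\n")[1:]:        # skip the status line
        if not line:                               # blank line ends the head
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_policy(raw_head):
    """Return (protected, reason) for one response head."""
    headers = parse_headers(raw_head)
    # CSP frame-ancestors is checked first: browsers that support it
    # enforce it in preference to X-Frame-Options.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                sources = {t.lower() for t in tokens[1:]}
                if sources & {"*", "http:", "https:"}:
                    return False, "frame-ancestors allows arbitrary origins"
                return True, "CSP frame-ancestors restricts embedding"
    xfo = {v.strip().upper() for line in headers.get("x-frame-options", [])
           for v in line.split(",") if v.strip()}
    if not xfo:
        return False, "no X-Frame-Options or frame-ancestors"
    # Conservative: only a single unambiguous DENY or SAMEORIGIN counts.
    # ALLOW-FROM is obsolete and ignored by current browsers.
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + sorted(xfo)[0]
    return False, "X-Frame-Options value not honoured: " + ", ".join(sorted(xfo))

# Constructed sample response heads (not captured from a real device).
MISSING = "HTTP/1.1 200 OK\r\nServer: httpd\r\nContent-Type: text/html\r\n\r\n"
WITH_XFO = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
WITH_CSP = ("HTTP/1.1 200 OK\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n")
OBSOLETE = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.test\r\n\r\n"

if __name__ == "__main__":
    for label, head in [("missing", MISSING), ("xfo", WITH_XFO),
                        ("csp", WITH_CSP), ("obsolete", OBSOLETE)]:
        print(label, framing_policy(head))
```

The check should be run against every administrative page, since a header set on only some responses leaves the rest embeddable.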
Exploit
Fix
Clickjacking
Affected Products
Tenda F3 Wireless Router