PT-2026-21530 · Tenda · Tenda F3 Wireless Router
Kazuma Matsumoto
·
Published
2026-02-23
·
Updated
2026-02-24
·
CVE-2026-27512
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi
Description
The administrative interface of the software lacks the X-Content-Type-Options: nosniff header in responses and includes attacker-influenced content that can be reflected in the response body. MIME sniffing may cause the response to be interpreted as active HTML, potentially allowing script execution within the administrative interface.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Encoding or Escaping of Output
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda F3 Wireless Router