PT-2026-6189 · Tenda · Tenda Ac7
Kazuma Matsumoto
·
Published
2026-02-03
·
Updated
2026-02-10
·
CVE-2026-24426
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn
Description
The software contains an improper output encoding issue in the web management interface. User-supplied input is reflected in HTTP responses without sufficient escaping, potentially allowing the injection of arbitrary HTML or JavaScript into a user's browser. The
user-supplied input is not properly sanitized before being included in the HTTP response.Recommendations
Update to a firmware version newer than V03.03.03.01 cn.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ac7