PT-2026-6191 · Tenda · Tenda Ac7
Kazuma Matsumoto · Published 2026-02-03 · Updated 2026-02-10 · CVE-2026-24434
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn
Description
The web management interface lacks CSRF protections for administrative functions. The interface does not enforce anti-CSRF tokens or robust origin validation. This could allow an attacker to induce a logged-in administrator to perform unintended state-changing requests and modify router settings.
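The two controls named in the description, sketched as an added example (not Tenda's firmware code or the vendor's fix): a session-bound anti-CSRF token combined with exact-match origin validation that fails closed. The device address 192.168.0.1, the `csrf_token` field name and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
ALLOWED_HOSTS = {"192.168.0.1"}       # constructed LAN address (assumption)
SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-boot server secret


def issue_csrf_token(session_id: str) -> str:
    """Derive a token bound to one admin session; embed it in every form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Exact comparison of the Origin (or Referer) authority with Host."""
    source = headers.get("Origin") or headers.get("Referer")
    host = headers.get("Host", "").lower()
    if not source or host not in ALLOWED_HOSTS:
        return False  # fail closed: header missing or unexpected Host
    try:
        parts = urlsplit(source)
    except ValueError:
        return False  # malformed URL
    if parts.scheme not in ("http", "https"):
        return False  # also rejects the literal "Origin: null"
    # Compare the whole authority; prefix or substring checks are not robust.
    return parts.netloc.lower() == host


def allow_request(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Return True only when a state-changing request passes both checks."""
    if method.upper() in SAFE_METHODS:
        return True  # assumes safe methods never modify settings
    if not same_origin(headers):
        return False
    sent = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    return hmac.compare_digest(sent, expected)  # constant-time comparison


if __name__ == "__main__":
    sid = "sess-constructed-1"  # constructed sample session id
    form = {"csrf_token": issue_csrf_token(sid)}
    for origin in ("http://192.168.0.1", "http://192.168.0.1.other.example"):
        hdrs = {"Host": "192.168.0.1", "Origin": origin}
        print(origin, allow_request("POST", hdrs, sid, form))
```
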
Recommendations
Update to a firmware version greater than V03.03.03.01 cn.
Fix
CSRF
Affected Products
Tenda Ac7