PT-2026-6192 · Tenda · Tenda Ac7
Kazuma Matsumoto
·
Published
2026-02-03
·
Updated
2026-02-10
·
CVE-2026-24441
CVSS v4.0
8.2
High
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn
Description
The firmware for Shenzhen Tenda AC7 devices up to version V03.03.03.01 cn reveals account credentials in plain text within HTTP responses. This allows an attacker positioned on the network path to intercept and obtain sensitive authentication information. The affected devices transmit credentials without encryption, making them susceptible to eavesdropping.
Recommendations
Update to a firmware version newer than V03.03.03.01 cn.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ac7