CVE-2026-22081
Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
In short
Tenda wireless routers store session cookies without the HTTPOnly protection flag, allowing attackers to steal these cookies through JavaScript attacks or network interception. This enables unauthorized access to the router's admin interface and sensitive information.
Technical detail
The vulnerability stems from a missing HTTPOnly flag on the session cookies set by the web administrative interface of the Tenda F3 and N300 routers (CWE-1004). An attacker who captures such a cookie, by sniffing an unencrypted HTTP session or through client-side script injection, can replay it to hijack the session and gain administrative access without needing to bypass authentication.
Summary generated and translated by AI from the official description.
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote attacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.
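As an added defender-side example that is not part of this advisory: a small Python audit that inspects Set-Cookie headers for the missing HTTPOnly flag (CWE-1004) described above, and for Secure when the interface is served over HTTPS. The sample headers are constructed for the example, and the fetch_headers helper for checking your own device is an assumption about how such a check would be run, not something taken from the advisory.

```python
import http.client
from typing import Dict, List, Tuple

# Constructed sample of a login response from a router admin interface; these
# headers are made up for this example, not captured from a Tenda device.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),          # session cookie, no HttpOnly
    ("Set-Cookie", "lang=en; Path=/"),                   # preference cookie, low value
    ("Set-Cookie", "auth_token=def456; Path=/; HttpOnly; Secure; SameSite=Strict"),
]

# Name fragments that usually indicate a session or auth cookie (heuristic).
SESSION_HINTS = ("sess", "token", "auth", "sid", "login")


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, object]]:
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() if val else True
    return name, attrs


def audit_cookies(headers: List[Tuple[str, str]], https: bool = False) -> List[dict]:
    """Report cookies lacking HttpOnly (CWE-1004), and Secure when served over HTTPS.
    `headers` is a list of (name, value) pairs as HTTPResponse.getheaders() returns."""
    findings = []
    for hname, hval in headers:
        if hname.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(hval)
        missing = [flag for flag, present in (("HttpOnly", "httponly" in attrs),
                   ("Secure", not https or "secure" in attrs)) if not present]
        if missing:
            session_like = any(h in name.lower() for h in SESSION_HINTS)
            findings.append({"cookie": name, "missing": missing,
                             "severity": "high" if session_like else "low"})
    return findings


def fetch_headers(host: str, path: str = "/", port: int = 80) -> List[Tuple[str, str]]:
    """Live variant (assumed usage): GET a page from your own device's admin
    interface and hand the returned headers to audit_cookies()."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    return conn.getresponse().getheaders()
```

A clean HttpOnly result on an interface that is only reachable over plain HTTP is still not a clean bill: the cookie crosses the wire in clear whatever its flags, which is the second capture path the advisory names.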
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Tenda · 300Mbps Wireless Router F3 and N300 Easy Setup Router