CVE-2026-24427
Tenda AC7 Exposes Admin Credentials in Configuration Responses
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Shenzhen Tenda Technology Co., Ltd. · Tenda AC7Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →