CVE 8.7 HIGH

Insecure Transmission Vulnerability in Tenda Wireless Routers_CVE-2026-22080

January 9, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials.

Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.

AI Analysis

Insecure transmission of credentials due to reversible Base64 encoding in Tenda wireless routers

Basic Information

ID CVE-2026-22080

Source CERT-In

Published Jan 9, 2026 at 11:05

Modified Jan 9, 2026 at 11:26

Affected Product

Vendor Tenda

Product 300Mbps Wireless Router F3 and N300 Easy Setup Router

Version F3 v3.0 Firmware V12.01.01.41, F3 v3.0 Firmware V12.01.01.42, F3 v3.0 Firmware V12.01.01.48, F3 v3.0 Firmware V12.01.01.52, F3 v3.0 Firmware V12.01.01.55, F3 v4.0 Firmware V03.03.01.40

Affected Versions Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.41
Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.42
Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.48
Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.52
Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.55
Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v4.0 Firmware V03.03.01.40

CWE Classification

CWE-319

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product 300Mbps Wireless Router F3 and N300 Easy Setup Router

Version F3 v3.0 Firmware V12.01.01.41, F3 v3.0 Firmware V12.01.01.42, F3 v3.0 Firmware V12.01.01.48, F3 v3.0 Firmware V12.01.01.52, F3 v3.0 Firmware V12.01.01.55, F3 v4.0 Firmware V03.03.01.40

References

www.cert-in.org.in /s2cMainServlet

{
    "lastseen": "",
    "description": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials.\n\nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.",
    "published": "2026-01-09T11:05:07.368Z",
    "modified": "2026-01-09T11:26:07.261Z",
    "type": "cve",
    "title": "Insecure Transmission Vulnerability in Tenda Wireless Routers",
    "source": "CERT-In",
    "references": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004",
    "id": "CVE-2026-22080",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.41\nTenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.42\nTenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.48\nTenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.52\nTenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.55\nTenda 300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v4.0 Firmware V03.03.01.40",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
    "version": "F3 v3.0 Firmware V12.01.01.41, F3 v3.0 Firmware V12.01.01.42, F3 v3.0 Firmware V12.01.01.48, F3 v3.0 Firmware V12.01.01.52, F3 v3.0 Firmware V12.01.01.55, F3 v4.0 Firmware V03.03.01.40",
    "vendor": "Tenda",
    "ai_description": "Insecure transmission of credentials due to reversible Base64 encoding in Tenda wireless routers",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
    "ai_version": "F3 v3.0 Firmware V12.01.01.41, F3 v3.0 Firmware V12.01.01.42, F3 v3.0 Firmware V12.01.01.48, F3 v3.0 Firmware V12.01.01.52, F3 v3.0 Firmware V12.01.01.55, F3 v4.0 Firmware V03.03.01.40",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply