Tenda AC7 Exposes Admin Credentials in Configuration Responses_CVE-2026-24427

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.

Basic Information

ID CVE-2026-24427

Source VulnCheck

Published Feb 3, 2026 at 19:11

Modified Feb 3, 2026 at 19:42

Affected Product

Vendor Shenzhen Tenda Technology Co., Ltd.

Product Tenda AC7

Affected Versions Shenzhen Tenda Technology Co., Ltd. Tenda AC7 0

CWE Classification

CWE-201

References

{
    "lastseen": "",
    "description": "Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.",
    "published": "2026-02-03T19:11:32.297Z",
    "modified": "2026-02-03T19:42:59.294Z",
    "type": "cve",
    "title": "Tenda AC7 Exposes Admin Credentials in Configuration Responses",
    "source": "VulnCheck",
    "references": "https://www.tendacn.com/product/AC7\nhttps://www.vulncheck.com/advisories/tenda-ac7-exposes-admin-credentials-in-configuration-responses",
    "id": "CVE-2026-24427",
    "bulletinFamily": "",
    "cwe": [
        "CWE-201"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Tenda Technology Co., Ltd. Tenda AC7 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tenda AC7",
    "version": "0",
    "vendor": "Shenzhen Tenda Technology Co., Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}