Wireless Router Vulnerability in Tenda Devices Exposing User Credentials
CVE-2026-22080
What is CVE-2026-22080?
A security flaw in Tenda wireless routers, specifically the 300Mbps Wireless Router F3 and N300 Easy Setup Router, allows for the transmission of user credentials in a reversible Base64 encoding format via the web-based administrative interface. An attacker, positioned on the same network, may exploit this vulnerability to intercept network traffic and capture the encoded credentials. This exploitation poses a significant risk as it enables unauthorized access to the router, potentially leading to further security breaches and compromise of sensitive information.
Affected Version(s)
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.41
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.42
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.48
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved