Session Cookie Vulnerability in Tenda Wireless Routers
CVE-2026-22081
What is CVE-2026-22081?
The Tenda wireless routers, specifically the 300Mbps Wireless Router F3 and N300 Easy Setup Router, contain a vulnerability due to the absence of the HTTPOnly flag for session cookies in their web-based administrative interface. This security oversight enables remote attackers to potentially intercept session cookies over unsecured HTTP connections. By capturing these cookies, the attackers could access sensitive information or gain unauthorized control over the device, thereby compromising user data and network integrity.
Affected Version(s)
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.41
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.42
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.48
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved