Session Hijacking Vulnerability in Tenda Wireless Routers
CVE-2026-22082
What is CVE-2026-22082?
A security issue has been identified in Tenda wireless routers, specifically in the 300Mbps Wireless Router F3 and N300 Easy Setup Router. This vulnerability arises from the use of login credentials as the session ID within the web-based administrative interface. A remote attacker can exploit this flaw by intercepting network traffic, allowing them to capture the session ID during its transmission if it occurs over an unsecured network. The successful exploitation enables an attacker to hijack an authenticated session, potentially compromising sensitive configuration details and gaining unauthorized access to the device's management functionalities.
Affected Version(s)
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.41
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.42
300Mbps Wireless Router F3 and N300 Easy Setup Router F3 v3.0 Firmware V12.01.01.48
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved