CSRF Vulnerability in Tenda AC7 Firmware by Shenzhen Tenda
CVE-2026-24434

5.1MEDIUM

Key Information:

Vendor: Shenzhen Tenda Technology Co., Ltd.
Status: Tenda Ac7
Vendor: CVE Published:; 3 February 2026

🔔 Create Shenzhen Tenda Technology Co., Ltd. Vulnerability Alert

What is CVE-2026-24434?

The firmware for Shenzhen Tenda's AC7 router lacks necessary CSRF protections, allowing attackers to exploit the web management interface. Without anti-CSRF tokens or proper origin validation, a logged-in administrator could be tricked into making unintended state-changing actions, such as altering router configurations or settings. This vulnerability highlights significant security concerns for users managing their network through this interface.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tenda AC7 0 <= 03.03.03.01_cn

References

https://www.tendacn.com/product/AC7

product

https://www.vulncheck.com/advisories/tenda-ac7-web-interf...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 3, 2026
Vulnerability Reserved
Jan 22, 2026

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.

JSON

Shenzhen Tenda Technology Co., Ltd.

What is CVE-2026-24434?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.