Cross-Site Request Forgery Flaw in Shenzhen Tenda F3 Wireless Router
CVE-2026-27513

5.1MEDIUM

Key Information:

Vendor: Shenzhen Tenda Technology Co., Ltd.
Status: Tenda F3
Vendor: CVE Published:; 23 February 2026

🔔 Create Shenzhen Tenda Technology Co., Ltd. Vulnerability Alert

What is CVE-2026-27513?

The Shenzhen Tenda F3 Wireless Router's firmware is vulnerable to a cross-site request forgery (CSRF) attack through its web-based administrative interface. The absence of adequate anti-CSRF protections allows an adversary to trick a logged-in administrator into executing state-changing requests, potentially leading to unauthorized configuration modifications that could compromise the router's security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tenda F3 0 <= 12.01.01.55_multi

References

https://www.tendacn.com/product/F3

product

https://www.vulncheck.com/advisories/tenda-f3-csrf-in-web...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 23, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.

JSON

Shenzhen Tenda Technology Co., Ltd.

What is CVE-2026-27513?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.