Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Tenda F3 Router Leaks Sensitive Passwords in Downloaded Config
CVE-2026-27514
Summary
The Tenda F3 Wireless Router's configuration download feature exposes passwords in plain text, which can be accessed by others with access to the client's browser cache. This makes it possible for unauthorized users to obtain sensitive login credentials. To protect your router, update to the latest firmware version, and consider changing your passwords immediately.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | f3_firmware | <= 12.01.01.55_multi | – |
Original title
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download respons...
Original description
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.
nvd CVSS3.1
6.5
nvd CVSS4.0
7.1
Vulnerability type
CWE-201
CWE-525
- https://www.tendacn.com/product/F3 Product
- https://www.vulncheck.com/advisories/tenda-f3-plaintext-credential-exposure-in-c... Third Party Advisory
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026