CVE-2026-22079— Cleartext Transmission Vulnerability in Tenda Wireless Routers
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-22079
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cleartext Transmission Vulnerability in Tenda Wireless Routers
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitted in plaintext. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tenda N300和Tenda F3 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tenda N300和Tenda F3都是中国腾达(Tenda)公司的产品。Tenda N300是一款路由器。Tenda F3是一款无线路由器。 Tenda N300和Tenda F3存在安全漏洞,该漏洞源于通过基于Web的管理界面进行初始登录或出厂重置后设置时,登录凭据以明文形式传输,可能导致攻击者拦截网络流量并获取凭据,从而获得未经授权的访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Tenda | 300Mbps Wireless Router F3 and N300 Easy Setup Router | F3 v3.0 Firmware V12.01.01.41 | - |
II. Public POCs for CVE-2026-22079
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-22079
请登录查看更多情报信息。
Same Patch Batch · Tenda · 2026-01-09 · 4 CVEs total
| CVE-2026-22082 | Insecure Session ID Management Vulnerability in Tenda Wireless Routers | |
| CVE-2026-22081 | Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers | |
| CVE-2026-22080 | Insecure Transmission Vulnerability in Tenda Wireless Routers |
IV. Related Vulnerabilities
Same vendor: Tenda
- CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti - CVE-2026-8263
Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os comman - CVE-2026-8259
Tenda AC6 httpd telnet os command injection - CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based
Same weakness: CWE-319
- CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl ma - CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may - CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport - CVE-2026-7610
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmissi - CVE-2026-42514
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
V. Comments for CVE-2026-22079
No comments yet