CVE-2026-22082— Insecure Session ID Management Vulnerability in Tenda Wireless Routers
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-22082
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure Session ID Management Vulnerability in Tenda Wireless Routers
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
会话固定
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tenda N300 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tenda N300是中国腾达(Tenda)公司的一款路由器。 Tenda N300存在授权问题漏洞,该漏洞源于使用登录凭据作为会话ID,可能导致远程攻击者拦截网络流量并在不安全的传输过程中捕获会话ID,从而劫持经过身份验证的会话。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Tenda | 300Mbps Wireless Router F3 and N300 Easy Setup Router | F3 v3.0 Firmware V12.01.01.41 | - |
II. Public POCs for CVE-2026-22082
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-22082
请登录查看更多情报信息。
Same Patch Batch · Tenda · 2026-01-09 · 4 CVEs total
| CVE-2026-22081 | Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers | |
| CVE-2026-22080 | Insecure Transmission Vulnerability in Tenda Wireless Routers | |
| CVE-2026-22079 | Cleartext Transmission Vulnerability in Tenda Wireless Routers |
IV. Related Vulnerabilities
Same vendor: Tenda
- CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti - CVE-2026-8263
Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os comman - CVE-2026-8259
Tenda AC6 httpd telnet os command injection - CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based
Same weakness: CWE-384
- CVE-2025-46605
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞 - CVE-2026-31940
Session Fixation in Chamilo LMS - CVE-2026-33946
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream - CVE-2026-33757
OpenBao lacks user confirmation for OIDC direct callback mod - CVE-2026-25101
Session Fixation in Bludit
V. Comments for CVE-2026-22082
No comments yet