Browse all 19 CVE security advisories affecting Shenzhen Tenda Technology Co., Ltd.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Shenzhen Tenda Technology Co., Ltd. develops networking equipment including routers and access points for home and small business use. Historically, their products have frequently been affected by remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The company has faced scrutiny for multiple security incidents, with 19 CVEs documented, highlighting persistent issues in firmware security and patch management. These vulnerabilities have allowed attackers to compromise devices without authentication, exposing networks to unauthorized access and potential botnet recruitment. Tenda's security track record reflects broader challenges in the IoT ecosystem, where cost pressures and rapid development cycles often compromise robust security practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24441 | Tenda AC7 Transmits Admin Credentials Without HTTPS Protection — Tenda AC7CWE-319 | 9.1AI | CriticalAI | 2026-02-03 |
| CVE-2026-24434 | Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions — Tenda AC7CWE-352 | 6.5AI | MediumAI | 2026-02-03 |
| CVE-2026-24427 | Tenda AC7 Exposes Admin Credentials in Configuration Responses — Tenda AC7CWE-201 | 8.1AI | HighAI | 2026-02-03 |
| CVE-2026-24426 | Tenda AC7 Reflected XSS via Web Interface Output Encoding — Tenda AC7CWE-79 | 6.1AI | MediumAI | 2026-02-03 |
This page lists every published CVE security advisory associated with Shenzhen Tenda Technology Co., Ltd.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.