CVE-2026-22079
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | wired_router_f3 | * |
| tenda | wired_router_n300 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) where login credentials are transmitted in plaintext during the initial login or after a factory reset via the web-based administrative interface. An attacker on the same network can intercept this network traffic and capture these credentials.
How can this vulnerability impact me? :
If exploited, an attacker could obtain sensitive login credentials and gain unauthorized access to the affected router. This could lead to compromise of the device, potentially allowing the attacker to control the router or access the network it manages.