CVE-2026-22080
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | 300mbps_wireless_router_f3 | * |
| tenda | n300_easy_setup_router | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain Tenda wireless routers where credentials are transmitted through the web-based administrative interface encoded only with reversible Base64 encoding. An attacker on the same network can intercept the network traffic, capture these Base64-encoded credentials, decode them easily, and obtain sensitive information.
How can this vulnerability impact me? :
If exploited, an attacker could gain unauthorized access to the affected router by obtaining sensitive credentials. This could lead to compromise of the device, potential network access, and exposure of private information.