CVE-2026-22081
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | wired_router_f3 | * |
| tenda | wired_router_n300_easy_setup | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1004 | The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain Tenda wireless routers because the session cookies used by the web-based administrative interface lack the HTTPOnly flag. This means that an attacker could capture these session cookies if they intercept the HTTP traffic, potentially allowing them to hijack the session and gain unauthorized access to the router's administrative functions.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to obtain sensitive information by capturing session cookies and gain unauthorized access to the targeted Tenda wireless router. This could lead to control over the device, potentially compromising network security and privacy.