CVE-2026-22082
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | 300mbps_wireless_router_f3 | * |
| tenda | n300_easy_setup_router | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain Tenda wireless routers because the device uses login credentials as the session ID in its web-based administrative interface. An attacker can exploit this by intercepting network traffic and capturing the session ID during insecure transmission, allowing them to hijack an authenticated session.
How can this vulnerability impact me? :
If exploited, an attacker could hijack an authenticated session on the router and gain access to sensitive configuration information, potentially compromising the security and functionality of the device.