CVE-2026-24441
Plaintext Credential Exposure in Tenda AC7 Firmware HTTP Responses
Publication date: 2026-02-03
Last updated on: 2026-02-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac7_firmware | to 03.03.03.01 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24441 affects the Shenzhen Tenda AC7 router firmware version V03.03.03.01_cn and earlier. The vulnerability involves the transmission of administrative credentials in plaintext within HTTP responses, lacking HTTPS protection.
This means that sensitive authentication information is sent without encryption, allowing an attacker positioned on the network path between the user and the device to intercept and obtain these credentials.
How can this vulnerability impact me? :
Because administrative credentials are exposed in plaintext over the network, an on-path attacker can intercept these credentials and gain unauthorized access to the router.
This unauthorized access could lead to further compromise of the network, including changes to router settings, interception of network traffic, or use of the device as a foothold for additional attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring network traffic for HTTP responses from the Shenzhen Tenda AC7 router firmware version V03.03.03.01_cn and earlier that contain administrative credentials transmitted in plaintext.'}, {'type': 'paragraph', 'content': 'You can use network packet capture tools such as tcpdump or Wireshark to inspect HTTP traffic for sensitive information exposure.'}, {'type': 'list_item', 'content': "Use tcpdump to capture HTTP traffic on the network interface (replace eth0 with your interface): tcpdump -i eth0 -A 'tcp port 80'"}, {'type': 'list_item', 'content': 'Filter captured traffic in Wireshark for HTTP responses and look for plaintext credentials in the payload.'}, {'type': 'list_item', 'content': 'Use curl or wget to manually request HTTP pages from the router and check if credentials are exposed in the response.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include avoiding the use of HTTP to access the router's administrative interface, as it transmits credentials in plaintext."}, {'type': 'paragraph', 'content': "If possible, restrict network access to the router's management interface to trusted hosts only."}, {'type': 'paragraph', 'content': 'Consider upgrading the router firmware to a version that addresses this vulnerability or contact the vendor for a patch.'}, {'type': 'paragraph', 'content': 'Use network-level protections such as VPNs or secure tunnels to encrypt management traffic until a secure firmware version is available.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves the exposure of administrative credentials in plaintext over HTTP, which can lead to unauthorized access to sensitive authentication material.
Such exposure of sensitive data may violate common security requirements in standards and regulations like GDPR and HIPAA, which mandate protection of sensitive information during transmission to prevent unauthorized disclosure.
Specifically, the lack of HTTPS protection and transmission of credentials in cleartext could be considered non-compliant with data protection principles requiring confidentiality and integrity of personal or sensitive data.