CVE-2026-27513
CSRF Vulnerability in Tenda F3 Router Allows Unauthorized Changes
Publication date: 2026-02-23
Last updated on: 2026-02-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f3_firmware | to 12.01.01.55_multi (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-27513 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the web-based administrative interface of the Shenzhen Tenda F3 Wireless Router firmware version 12.01.01.55_multi.'}, {'type': 'paragraph', 'content': "The vulnerability exists because the router's web interface does not implement anti-CSRF protections. This allows an attacker to trick an authenticated administrator into submitting unauthorized state-changing requests."}, {'type': 'paragraph', 'content': "As a result, an attacker can cause unauthorized configuration changes on the device without the administrator's explicit consent."}] [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to induce an authenticated administrator to perform unauthorized configuration changes on your Tenda F3 Wireless Router.
- Unauthorized changes to router settings could compromise network security.
- Attackers might alter configurations to redirect traffic, disable security features, or create backdoors.
- Since the attack requires user interaction but no special privileges, it can be executed remotely over the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability affects the web-based administrative interface of the Shenzhen Tenda F3 Wireless Router firmware version 12.01.01.55_multi and potentially earlier versions. Detection involves verifying if the router's web interface lacks anti-CSRF protections, which can be done by analyzing the HTTP requests and responses during administrative actions."}, {'type': 'paragraph', 'content': "One approach is to capture and inspect HTTP requests sent to the router's management interface using tools like curl or browser developer tools to check for the presence or absence of anti-CSRF tokens in forms or headers."}, {'type': 'list_item', 'content': 'Use curl to fetch the login or configuration page and check for CSRF tokens: curl -i http://<router-ip>/'}, {'type': 'list_item', 'content': 'Use browser developer tools to monitor requests when performing configuration changes and verify if any anti-CSRF tokens are included.'}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious state-changing requests that could be forged, especially those initiated without proper CSRF tokens.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "To mitigate this CSRF vulnerability, immediate steps include restricting access to the router's web management interface to trusted networks or IP addresses only."}, {'type': 'paragraph', 'content': "Ensure that administrators avoid clicking on untrusted links or visiting suspicious websites while authenticated to the router's interface, as user interaction is required for exploitation."}, {'type': 'paragraph', 'content': 'If possible, update the router firmware to a version that includes anti-CSRF protections or contact the vendor for patches or guidance.'}, {'type': 'paragraph', 'content': 'As a temporary measure, consider disabling remote management features to reduce exposure.'}] [1]