CVE-2026-27514
Sensitive Information Exposure in Tenda F3 Router Configuration Download
Publication date: 2026-02-23
Last updated on: 2026-02-23
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f3_firmware | up to and including 12.01.01.55_multi |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
| CWE-525 | The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27514 is a sensitive information exposure vulnerability found in the Shenzhen Tenda F3 Wireless Router firmware version 12.01.01.55_multi. The vulnerability occurs in the configuration download functionality, where the router's password and administrative password are included in plaintext within the configuration download response.

Additionally, the affected endpoint does not include proper Cache-Control headers, which allows the sensitive response data to be stored in client-side browser caches. This cached data can then be accessed by other local users or processes that have access to the browser cache, increasing the risk of credential compromise. [1]
How can this vulnerability impact me?
This vulnerability can lead to exposure of sensitive credentials such as the router password and administrative password in plaintext. Because these credentials can be stored in client-side browser caches without proper cache control, other local users or malicious processes with access to the cached data can retrieve them.

As a result, an attacker with local access could gain unauthorized access to the router's administrative interface, potentially compromising network security and control. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by examining the configuration download responses from the Shenzhen Tenda F3 Wireless Router firmware version 12.01.01.55_multi. Specifically, check whether the configuration download response contains the router password and administrative password in plaintext.
Additionally, inspect HTTP responses from the router for missing Cache-Control headers; without a directive such as `no-store`, browsers are free to keep the sensitive response in their cache.
To check for this, use an HTTP client such as curl or wget to download the configuration file and then inspect its contents for plaintext passwords:
- `curl -v http://<router-ip>/configuration-download-endpoint`
- `wget --server-response http://<router-ip>/configuration-download-endpoint`
After downloading, examine the response body for plaintext credentials and check the HTTP headers for Cache-Control directives.
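The check described above, as an added example that is not part of this advisory: it parses a raw HTTP response (a constructed sample, not a capture from a real device) and flags the two weaknesses named here, a cacheable response (CWE-525) and credential-bearing fields in the body (CWE-201). The configuration key names and the assumption that the export is `key=value` text are assumptions for illustration.

```python
"""Assess a configuration-download HTTP response for CVE-2026-27514-style
weaknesses: plaintext credentials in the body and a caching policy that
lets a browser store the response. Sample data below is constructed."""
import re

# Key fragments that usually carry credentials in router config exports (assumed names).
CREDENTIAL_KEYS = ("password", "passwd", "pwd", "psk", "wl_key")


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def caching_allowed(headers: dict) -> bool:
    """True when nothing stops a browser from storing the response (CWE-525).
    Only 'no-store' prevents storage; 'no-cache' and 'private' still allow it."""
    directives = {d.strip().lower() for d in headers.get("cache-control", "").split(",")}
    return "no-store" not in directives


def find_plaintext_credentials(body: bytes) -> list:
    """Return keys of non-empty key=value lines that look credential-bearing (CWE-201)."""
    hits = []
    for line in body.decode("utf-8", errors="replace").splitlines():
        m = re.match(r"\s*([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m and m.group(2).strip() and any(k in m.group(1).lower() for k in CREDENTIAL_KEYS):
            hits.append(m.group(1))
    return hits


def assess(raw: bytes) -> dict:
    """Combine both checks into one verdict for a captured response."""
    _, headers, body = parse_http_response(raw)
    return {"cacheable": caching_allowed(headers),
            "credential_keys": find_plaintext_credentials(body)}


# Constructed sample: no Cache-Control header and two credential fields in the export.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
          b"Content-Disposition: attachment; filename=\"config.cfg\"\r\n\r\n"
          b"wan_mode=dhcp\r\nadm.pwd=hunter2\r\nwl.psk=secret\r\nsys.name=router\r\n")

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A hardened response would carry `Cache-Control: no-store` and omit or mask the credential fields, so both checks come back clean.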
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the configuration download functionality to trusted users only, preferably by limiting network access to the router's management interface.

Avoid downloading or storing the configuration file on shared or insecure devices to prevent exposure of plaintext credentials.

Clear browser caches regularly to reduce the risk of cached sensitive data being accessed by unauthorized local users or processes.

If possible, update the router firmware to a version that addresses this vulnerability or contact the vendor for patches or guidance. [1]