anonhaven
Ad

CVE-2026-27511

MEDIUM CVSS 4.0: 5.1 EPSS 0.04%
Updated Feb 23, 2026
Tenda
Parameter Value
CVSS 5.1 (MEDIUM)
Affected Versions before 12.01.01.55_multi
Type CWE-1021
Vendor Tenda
Public PoC No

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-1021

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Tenda F3_Firmware
cpe:2.3:o:tenda:f3_firmware:*:*:*:*:*:*:*:*
 <= 12.01.01.55_multi
Tenda F3
cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:*

References 2

https://www.tendacn.com/product/F3
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/tenda-f3-clickjacking-in-web-management-in…
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5339

Tenda

5.1

CVE-2026-5338

Tenda

5.1

CVE-2026-5204

Tenda

7.4

CVE-2026-5156

Tenda

7.4

CVE-2026-5155

Tenda

7.4