CVE-2026-24427 – Tenda AC7 Exposes Admin Credentials in Configuration Responses

CVE ID : CVE-2026-24427

Published : Feb. 3, 2026, 7:11 p.m. | 6 minutes ago

Description : Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…