CVE-2026-27514 – Tenda F3 Plaintext Credential Exposure in Configuration Download

CVE ID : CVE-2026-27514

Published : Feb. 23, 2026, 4:27 p.m. | 38 minutes ago

Description : Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…