MEDIUM🇬🇧 English

CVE-2026-27512

CVSS 5.1v4.0pub. 2026-02-23

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tenda F3

    HW
    Tenda
    wszystkie wersje
  • Tenda F3 Firmware

    OS
    Tenda
    ≤ 12.01.01.55_multi
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2020-35391CRITICAL9.6ten sam produkt

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including a...

CVE-2026-27514HIGH7.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulner...

CVE-2026-27513MEDIUM5.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vul...

CVE-2026-27511MEDIUM5.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web...

CVE-2025-57572MEDIUM5.6ten sam produkt

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/...