Description
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.
Published: 2026-02-03
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Exposure of administrator credentials through configuration responses
Action: Apply Patch
AI Analysis

Impact

The Tenda AC7 router, using firmware versions V03.03.03.01_cn and earlier, returns configuration responses that contain the router and admin panel passwords in clear text. In addition, these responses lack appropriate Cache-Control directives, allowing web browsers to store pages that expose those credentials for later use. This vulnerability represents an information-exposure flaw, classified as CWE-201, and would compromise the confidentiality of administrative credentials. Based on the description, it is inferred that if an attacker obtains these passwords they could take full control of the router and its network traffic.

Affected Systems

Shenzhen Tenda Technology Co., Ltd. sells the Tenda AC7 router. The affected firmware versions are V03.03.03.01_cn and every prior release of the AC7 firmware.

Risk and Exploitability

The CVSS v3.1 score is 6.8, indicating moderate severity. The EPSS score is below 1%, reflecting a low probability of exploitation today. The vulnerability is not listed in the CISA KEV catalogue. Based on the description, it is inferred that this vulnerability can be exploited by an attacker who has access to the router’s web-management interface – either locally on the same network or from a remote position that can reach the management port. The lack of cache-control also permits a malicious client to capture the credentials from cached pages, broadening the attack surface. Given the moderate score and low exploitation likelihood, the risk is moderate but real for organizations that expose this interface or use default credentials.

Generated by OpenCVE AI on April 18, 2026 at 00:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest Tenda AC7 firmware that removes administrator credentials from configuration responses.
  • Replace the default router and admin panel passwords with unique, strong passwords.
  • Disable or restrict the web-management interface to trusted networks only, or block the management port from outside access.
  • Configure the web interface to send strict Cache-Control headers or disable page caching for administrative pages.
  • If the firmware cannot be updated, consider disabling access to the configuration pages through the router’s firewall or by disconnecting the device from the public network.
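
An added example, not part of the OpenCVE record or of Tenda's code: a Python audit of a captured management response for the two conditions described above, a credential value in the response body and a missing `no-store` directive. The field name `loginPwd`, the key-name pattern and both sample captures are constructed assumptions; the record does not name the affected fields or endpoints.

```python
import re
from email.parser import Parser

# Key-name pattern is an assumption: the record does not name the affected fields.
# Matches JSON ("key":"value") and key=value forms with a non-empty value.
CRED_KEY = re.compile(
    r'["\']?([\w.-]*(?:pass|pwd)[\w.-]*)["\']?\s*[:=]\s*["\']?([^"\'&,\s}]+)', re.I
)

def audit_response(raw: str) -> list[str]:
    """Return findings for one captured HTTP response (status line, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    # Collect every Cache-Control directive, across repeated headers.
    joined = ",".join(headers.get_all("Cache-Control", []))
    directives = {d.strip().lower() for d in joined.split(",")}
    if "no-store" not in directives:
        findings.append("cacheable: Cache-Control lacks no-store")
    for key, value in CRED_KEY.findall(body):
        # Report the length only, so the audit output never repeats the secret.
        findings.append(
            f"credential in body: field {key!r} carries a {len(value)}-character value"
        )
    return findings

# Constructed captures for illustration; not taken from a real device.
VULNERABLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"wifiSSID":"home-net","loginPwd":"Constructed-Sample-1","wanType":"dhcp"}'
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Cache-Control: no-store\r\n"
    "\r\n"
    '{"wifiSSID":"home-net","loginPwd":"","wanType":"dhcp"}'
)

if __name__ == "__main__":
    for name, capture in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, audit_response(capture))
```
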



Advisories

No advisories yet.

History

Tue, 10 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac7 Firmware
CPEs cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac7_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda ac7 Firmware
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac7
Vendors & Products Tenda
Tenda ac7

Tue, 03 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.
Title Tenda AC7 Exposes Admin Credentials in Configuration Responses
Weaknesses CWE-201
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:30:29.151Z

Reserved: 2026-01-22T20:23:19.802Z

Link: CVE-2026-24427

Vulnrichment

Updated: 2026-02-03T19:42:55.120Z

NVD

Status: Analyzed

Published: 2026-02-03T19:16:16.577

Modified: 2026-02-10T14:12:30.840

Link: CVE-2026-24427

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T00:15:31Z

Weaknesses