Impact
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi returns both the router password and the administrative password in plaintext in the configuration download response, a flaw characterized by CWE-201 Sensitive Information Exposure and CWE-525 Stored Sensitive Information in Plaintext. Because the response lacks Cache-Control headers, it can be stored in client-side caches, which creates a secondary leakage path: local users or processes with access to cached browser data can recover the credentials. Attackers who can trigger the configuration download endpoint, or who later locate cached copies, can obtain confidential credentials that could be used to upload firmware, modify settings, or pivot to other parts of the home network.
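The two conditions described above (a response the browser may store, carrying plaintext credentials) can be checked on a captured response. The following is an added example, not code from the advisory or the vendor; the config key names, the key-name patterns and the sample responses are constructed assumptions, since the advisory does not document the file format.

```python
import re

# Hypothetical key-name patterns; the advisory does not document the config field names.
SECRET_LINE = re.compile(
    r"(?im)^[ \t]*([\w.-]*(?:password|passwd|pwd|psk)[\w.-]*)[ \t]*[=:][ \t]*(\S+)")

def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def audit(raw: str) -> dict:
    """Report whether the response may be cached and which keys hold plaintext values."""
    headers, body = parse_response(raw)
    directives = {d.strip().lower().split("=")[0]
                  for v in headers.get("cache-control", [])
                  for d in v.split(",") if d.strip()}
    return {
        # Only no-store forbids writing the response to the browser cache;
        # private and no-cache still allow a copy on disk.
        "storable": "no-store" not in directives,
        # Report key names only, never the values.
        "secret_keys": [m.group(1) for m in SECRET_LINE.finditer(body)],
    }

# Constructed sample responses (not captured from a device).
BODY = ("wifi_ssid=HomeNet\n"
        "wifi_password=constructed-wifi-key\n"
        "admin_password=constructed-admin\n")
AS_DESCRIBED = "HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + BODY
HALF_FIXED = "HTTP/1.1 200 OK\r\nCache-Control: private, no-cache\r\n\r\n" + BODY
NO_STORE_REDACTED = ("HTTP/1.1 200 OK\r\ncache-control: No-Store\r\n\r\n"
                     "wifi_ssid=HomeNet\nadmin_password=\n")

if __name__ == "__main__":
    for label, raw in [("as described", AS_DESCRIBED),
                       ("private, no-cache", HALF_FIXED),
                       ("no-store, redacted", NO_STORE_REDACTED)]:
        print(label, audit(raw))
```

The `private, no-cache` case is still reported as storable: those directives restrict sharing and reuse, but only `no-store` keeps the file out of the local browser cache.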
Affected Systems
The affected product is the Tenda F3 wireless router from Shenzhen Tenda Technology Co., Ltd. The specific firmware revision documented as vulnerable is V12.01.01.55_multi. No other versions are listed as affected in the current advisory.
Risk and Exploitability
The CVSS base score of 7.1 indicates a high-severity confidentiality impact. The EPSS score of less than 1% suggests that, while the vulnerability is serious, the probability of exploitation is currently very low. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires the attacker to have network access to the router and to be able to trigger the configuration download endpoint; the flaw may also be leveraged by anyone who obtains cached configuration data locally. No additional exploitation conditions are documented, so the primary risk is disclosure of credentials rather than denial-of-service or remote code execution.