Tenda 300Mbps Wireless Router F3
Moderate fix1 remedy
cpe:2.3:h:tenda:f3:*:*:*:*:*:*:*, +1 more
Moderate fix1 remedy
- V12.01.01.41
- V12.01.01.42
- V12.01.01.48
- V12.01.01.52
- V12.01.01.55
- V03.03.01.40
Tenda Wireless Routers Session Cookie Vulnerability
Vulnerability
Patched
A vulnerability exists in Tenda wireless routers, specifically the 300Mbps Wireless Router F3 and the N300 Easy Setup Router, due to the absence of the HTTPOnly flag in session cookies related to the web-based administrative interface. This flaw allows remote attackers to capture session cookies sent over an unsecured HTTP connection. Exploitation of this vulnerability could lead to the interception of sensitive information and unauthorized access to the affected device.
Impact
Successful exploitation allows attackers to capture session cookies, potentially leading to unauthorized access on the affected device.
Remediation
Users are advised to apply the updates mentioned by the vendor. For more information, visit the Tenda India website.
Added: Jan 9, 2026, 12:55 PM
Updated: Jan 9, 2026, 12:55 PM
Vulnerability Rating
Custom Algorithm
spread
6.8impact
5.0exploitability
5.9remediation
7.7relevance
1.9threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.