Primary

Context

Tenda AC7 Cross-Site Request Forgery Vulnerability in Web Management Interface

Vulnerability

Patched

A cross-site request forgery (CSRF) vulnerability has been identified in the Tenda AC7 router, affecting firmware versions through V03.03.03.01_cn. The vulnerability arises because the web management interface lacks proper CSRF protections for administrative functions. It does not enforce anti-CSRF tokens or adequate origin validation, potentially allowing an attacker to trick a logged-in administrator into making unintended changes to router settings.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in router configurations by manipulating a logged-in administrator's actions.

Added: Feb 3, 2026, 8:19 PM

Updated: Feb 3, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

5.6

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

5.6

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC7 Cross-Site Request Forgery Vulnerability in Web Management Interface

Vulnerability

Impact

Affected Products

Shenzhen Tenda AC7

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating