Tenda AC7 Cleartext Transmission of Credentials Vulnerability

Vulnerability

A vulnerability exists in the Tenda AC7 router in firmware versions through V03.03.03.01_cn, where account credentials are transmitted in plaintext within HTTP responses. This flaw allows an on-path attacker to intercept sensitive authentication information.

Impact

Exploitation of this vulnerability could lead to unauthorized access using intercepted credentials.

Added: Feb 3, 2026, 8:19 PM

Updated: Feb 3, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC7 Cleartext Transmission of Credentials Vulnerability

Vulnerability

Impact

Affected Products

Shenzhen Tenda AC7

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating