CVE-2026-24441: CWE-319 Cleartext Transmission of Sensitive Information in Shenzhen Tenda Technology Co., Ltd. Tenda AC7
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.
AI Analysis
Technical Summary
CVE-2026-24441 is a vulnerability in Shenzhen Tenda AC7 router firmware (version V03.03.03.01_cn and prior) where account credentials are exposed in plaintext within HTTP responses. This cleartext transmission of sensitive authentication data enables an on-path attacker to capture credentials during network communication. The vulnerability is identified as CWE-319 and has a high CVSS 4.0 base score of 8.2, reflecting network attack vector with high impact on confidentiality. No vendor patch or official remediation guidance is currently available.
Potential Impact
An attacker with the ability to intercept network traffic between the user and the affected device can obtain sensitive account credentials in cleartext. This compromises the confidentiality of authentication material, potentially allowing unauthorized access to the device or network. The vulnerability does not require user interaction or privileges and affects all users of the specified firmware versions.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid using unencrypted HTTP management interfaces on the affected firmware and restrict network access to the device's management interface to trusted networks only.
CVE-2026-24441: CWE-319 Cleartext Transmission of Sensitive Information in Shenzhen Tenda Technology Co., Ltd. Tenda AC7
Description
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.
CVSS v4.0
Score 8.2high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-24441 is a vulnerability in Shenzhen Tenda AC7 router firmware (version V03.03.03.01_cn and prior) where account credentials are exposed in plaintext within HTTP responses. This cleartext transmission of sensitive authentication data enables an on-path attacker to capture credentials during network communication. The vulnerability is identified as CWE-319 and has a high CVSS 4.0 base score of 8.2, reflecting network attack vector with high impact on confidentiality. No vendor patch or official remediation guidance is currently available.
Potential Impact
An attacker with the ability to intercept network traffic between the user and the affected device can obtain sensitive account credentials in cleartext. This compromises the confidentiality of authentication material, potentially allowing unauthorized access to the device or network. The vulnerability does not require user interaction or privileges and affects all users of the specified firmware versions.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid using unencrypted HTTP management interfaces on the affected firmware and restrict network access to the device's management interface to trusted networks only.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-22T20:23:19.804Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69825048f9fa50a62fdc19aa
Added to database: 2/3/2026, 7:45:12 PM
Last enriched: 5/14/2026, 2:11:07 AM
Last updated: 6/18/2026, 5:31:06 AM
Views: 157
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.