CVE-2026-27512 is a cross-site scripting (XSS) vulnerability identified in the Shenzhen Tenda F3 wireless router firmware version V12.01.01.55_multi. The root cause is the absence of the X-Content-Type-Options: nosniff HTTP header in responses from the router's administrative interface. This omission allows browsers to perform MIME sniffing, which can cause the browser to interpret certain responses as active HTML content rather than their intended MIME type. Because the response body can include attacker-influenced content, this behavior enables reflected XSS attacks. Specifically, an attacker can craft a URL or payload that, when accessed by an administrator in a vulnerable browser, executes arbitrary JavaScript in the context of the router’s admin interface. This can lead to session hijacking, unauthorized configuration changes, or information disclosure. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-116 (Improper Encoding or Escaping of Output). The CVSS v4.0 base score is 5.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges or user interaction required except for the victim admin to visit a malicious link, and limited scope and impact confined to the router’s administrative interface. No patches or known exploits are currently available, but the vulnerability poses a risk to the confidentiality and integrity of router management.

The primary impact of this vulnerability is the potential compromise of the administrative interface of affected Tenda F3 routers. Successful exploitation could allow attackers to execute arbitrary scripts in the admin context, leading to session hijacking, unauthorized configuration changes, or theft of sensitive information such as network credentials. This could result in network disruption, unauthorized access to internal networks, or further lateral attacks on connected devices. Since the router is a critical network infrastructure component, compromise could undermine overall network security and availability. The vulnerability requires user interaction (the admin visiting a malicious URL), which somewhat limits exploitation likelihood, but targeted attacks against network administrators remain a significant risk. Organizations relying on Tenda F3 routers, especially in small office or home office environments, may face elevated risk due to potentially less stringent security monitoring and patch management.

1. Apply firmware updates from Shenzhen Tenda Technology as soon as they become available to address this vulnerability. 2. Until patches are released, restrict administrative interface access to trusted internal networks only, using firewall rules or VLAN segmentation to prevent exposure to untrusted networks or the internet. 3. Disable remote administration features on the router to reduce attack surface. 4. Educate network administrators to avoid clicking on suspicious or untrusted links while logged into the router’s admin interface. 5. Implement network-level web filtering or intrusion prevention systems to detect and block malicious payloads targeting this vulnerability. 6. Monitor router logs and network traffic for unusual activity indicative of exploitation attempts. 7. Consider replacing affected devices with models from vendors with stronger security track records if timely patches are unavailable.