CVE-2026-27513: CWE-352 Cross-Site Request Forgery (CSRF) in Shenzhen Tenda Technology Co., Ltd. Tenda F3
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes.
AI Analysis
Technical Summary
CVE-2026-27513 is a CSRF vulnerability affecting the Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The web-based administrative interface does not implement anti-CSRF tokens or similar protections, allowing attackers to induce authenticated administrators to perform unintended actions that change router configuration. The vulnerability is rated medium severity with a CVSS 4.0 base score of 5.1, reflecting network attack vector, low complexity, no privileges required, but requiring user interaction. No patches or vendor advisories indicating fixes are currently available.
Potential Impact
Successful exploitation allows an attacker to cause an authenticated administrator to unknowingly submit requests that alter router settings. This can lead to unauthorized configuration changes, potentially compromising network security or device functionality. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should limit access to the router's administrative interface, avoid visiting untrusted websites while logged in to the router interface, and consider using network segmentation or other controls to reduce exposure. Monitor vendor communications for updates regarding patches or official mitigations.
CVE-2026-27513: CWE-352 Cross-Site Request Forgery (CSRF) in Shenzhen Tenda Technology Co., Ltd. Tenda F3
Description
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-27513 is a CSRF vulnerability affecting the Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The web-based administrative interface does not implement anti-CSRF tokens or similar protections, allowing attackers to induce authenticated administrators to perform unintended actions that change router configuration. The vulnerability is rated medium severity with a CVSS 4.0 base score of 5.1, reflecting network attack vector, low complexity, no privileges required, but requiring user interaction. No patches or vendor advisories indicating fixes are currently available.
Potential Impact
Successful exploitation allows an attacker to cause an authenticated administrator to unknowingly submit requests that alter router settings. This can lead to unauthorized configuration changes, potentially compromising network security or device functionality. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should limit access to the router's administrative interface, avoid visiting untrusted websites while logged in to the router interface, and consider using network segmentation or other controls to reduce exposure. Monitor vendor communications for updates regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-02-19T19:51:07.328Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 699c852abe58cf853ba98533
Added to database: 2/23/2026, 4:49:46 PM
Last enriched: 5/12/2026, 4:02:44 AM
Last updated: 5/25/2026, 12:20:59 PM
Views: 142
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.