CVE-2026-24441 – Tenda AC7 routers with firmware V03.03.03.01

Q: What is the severity of CVE-2026-24441?

CVE-2026-24441 has a CVSS score of N/A (Unknown). Tenda AC7 routers with firmware V03.03.03.01_cn and earlier transmit administrator credentials in plaintext within HTTP responses. This allows attackers on the same network path to intercept and steal authentication credentials. All users of affected firmware versions are vulnerable.

📋 TL;DR

Tenda AC7 routers with firmware V03.03.03.01_cn and earlier transmit administrator credentials in plaintext within HTTP responses. This allows attackers on the same network path to intercept and steal authentication credentials. All users of affected firmware versions are vulnerable.

💻 Affected Systems

Products:

Tenda AC7 wireless router

Versions: V03.03.03.01_cn and all prior versions

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations using affected firmware versions are vulnerable. The vulnerability exists in the web management interface.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to the router, enabling full network compromise, traffic interception, malware deployment, and credential theft from connected devices.

🟠

Likely Case

Local network attackers obtain router admin credentials, allowing them to modify network settings, redirect traffic, or perform man-in-the-middle attacks.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to credential exposure requiring attacker to be on-path.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires on-path access, internet-facing routers could be targeted if attackers gain initial network access through other means.

🏢 Internal Only: HIGH - Internal attackers on the same network can easily intercept credentials without authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to intercept HTTP traffic. No authentication needed to observe credentials in transit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tendacn.com/product/AC7

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable HTTP management

all

Force HTTPS-only access to router management interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected routers with different models
Implement strict network access controls to limit who can reach router management interface

🔍 How to Verify

Check if Vulnerable:

Use network traffic analyzer (Wireshark) to capture HTTP traffic to router admin interface and check for plaintext credentials in responses.

Check Version:

Log into router web interface and check firmware version in System Status or About page.

Verify Fix Applied:

After firmware update, verify credentials are no longer visible in plaintext HTTP responses using traffic analysis.

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts followed by successful login from unusual IP
Configuration changes from unexpected sources

Network Indicators:

Unusual traffic patterns to router management interface
HTTP traffic containing 'password' or 'admin' in plaintext

SIEM Query:

source_ip IN (router_management_ips) AND http_request AND (content CONTAINS 'password=' OR content CONTAINS 'admin=')

📊 Metadata

CVE ID: CVE-2026-24441

CVSS v3 Score: N/A (Unknown)

CWE: CWE-319

Published: February 3, 2026

Last Updated: February 5, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-24441, you might also want to check these: