cvedb.io
CVE-2026-27512
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2026-02-23T17:23:29.687 · Last modified 2026-06-17T10:27:16.993

Summary

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface.

Affected products

tenda — f3_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tenda ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.