CVE-2026-22080

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device.

CVSS

No CVSS.

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Esta vulnerabilidad existe en los routers inalámbricos Tenda (Router Inalámbrico de 300Mbps F3 y Router de Fácil Configuración N300) debido a la transmisión de credenciales codificadas usando codificación Base64 reversible a través de la interfaz administrativa basada en web. Un atacante en la misma red podría explotar esta vulnerabilidad interceptando el tráfico de red y capturando las credenciales codificadas en Base64. La explotación exitosa de esta vulnerabilidad podría permitir al atacante obtener información sensible y conseguir acceso no autorizado al dispositivo objetivo.

09 Jan 2026, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-09 11:15

Updated : 2026-04-15 00:35

NVD link : CVE-2026-22080

Mitre link : CVE-2026-22080

CVE.ORG link : CVE-2026-22080

JSON object : View

Products Affected

No product.

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2026-22080", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vdisclose@cert-in.org.in", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-09T11:15:51.150", "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004", "source": "vdisclose@cert-in.org.in"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "vdisclose@cert-in.org.in", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials.\n\nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device."}, {"lang": "es", "value": "Esta vulnerabilidad existe en los routers inal\u00e1mbricos Tenda (Router Inal\u00e1mbrico de 300Mbps F3 y Router de F\u00e1cil Configuraci\u00f3n N300) debido a la transmisi\u00f3n de credenciales codificadas usando codificaci\u00f3n Base64 reversible a trav\u00e9s de la interfaz administrativa basada en web. Un atacante en la misma red podr\u00eda explotar esta vulnerabilidad interceptando el tr\u00e1fico de red y capturando las credenciales codificadas en Base64.\n\nLa explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante obtener informaci\u00f3n sensible y conseguir acceso no autorizado al dispositivo objetivo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "vdisclose@cert-in.org.in"}