CVE-2026-22082

216.73.216.36

· Published 09/01/2026 12:15 · Modified 09/01/2026 12:15

Labels: CVE-2026-22082 2026-01-09 CVE-2026-22082 CWE-384 [email protected]

Essential information

Published: 09/01/2026 12:15
Modified: 09/01/2026 12:15
Author: —
Creator: —
CVSS: 8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
tenda / 300mbps wireless router f3	`cpe:2.3:a:tenda:300mbps_wireless_router_f3::::::::`
tenda / n300 easy setup router	`cpe:2.3:a:tenda:n300_easy_setup_router::::::::`