Vulnerability Details CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.2%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-24426
-
cpe:2.3:h:tenda:ac7:-
-
cpe:2.3:o:tenda:ac7_firmware:1.0