Vulnerability Details CVE-2026-24434
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrator to perform unintended state-changing requests and modify router settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.6%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-24434
-
cpe:2.3:h:tenda:ac7:-
-
cpe:2.3:o:tenda:ac7_firmware:1.0