Vulnerability Details CVE-2026-27512
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-27512
-
cpe:2.3:h:tenda:f3:-
-
cpe:2.3:o:tenda:f3_firmware:12.01.01.48