CVE-2026-27512
MEDIUMTenda F3 Firmware < 12.01.01.55_multi - Reflected Script Execution via Missing nosniff Header
Title source: llmDescription
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface.
References (2)
Core 2
Core References
Product product
https://www.tendacn.com/product/F3
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/tenda-f3-reflected-script-execution-via-missing-nosniff-header
Scores
CVSS v3
6.1
EPSS
0.0018
EPSS Percentile
8.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-116
CWE-79
Status
published
Products (2)
Shenzhen Tenda Technology Co., Ltd./Tenda F3
< 12.01.01.55_multi
tenda/f3_firmware
< 12.01.01.55_multi
Published
Feb 23, 2026
Tracked Since
Feb 23, 2026