CVE-2026-27511 - Vulnerability Analysis
MediumCVSS: 4.3Last Updated: February 23, 2026
Shenzhen Tenda F3 Wireless Router - Clickjacking
Published: February 23, 2026Updated: February 23, 2026PoC AvailableRemote Exploitable
Overview
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability caused by missing X-Frame-Options header in the web-based administrative interface, letting attacker-controlled sites trick authenticated administrators into unintended actions.
Severity & Score
Severity: Medium
CVSS Score: 4.3
Impact
Attackers can trick authenticated administrators into making unauthorized configuration changes via clickjacking.
Mitigation
Update to the latest firmware version that sets proper X-Frame-Options headers.
References
Related Resources
Details
- CVE ID
- CVE-2026-27511
- Severity
- Medium
- CVSS Score
- 4.3
- Type
- clickjacking
- Status
- confirmed
CWE
- CWE-1021
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N