CNNVD-202601-1633 Information

CNNVD ID

CNNVD-202601-1633

Related CVE

CVE-2026-22081

• CNNVD Published: 2026-01-09

Description (Chinese)

Tenda N300是中国腾达（Tenda）公司的一款路由器。 Tenda N300存在安全漏洞，该漏洞源于与基于Web的管理界面关联的会话cookie缺少HTTPOnly标志，可能导致远程攻击者通过不安全的HTTP连接捕获会话cookie，从而获得未经授权的访问。

Description (English)

Tenda N300 is a router for Tenda China. There is a security loophole in Tenda N300, which stems from the absence of HTTPOnly markers for the conversation cookies linked to the Web-based management interface, which may lead to the remote attackers being able to access the session cookies by connecting them to unsafe HTTPs, thus obtaining unauthorized access.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

腾达

Published

2026-01-09

Last Modified

2026-02-24

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004

Patch

https://www.tendacn.com/in/material/show/724624313163845