Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vpme-zw4b-zfa8
Summary
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection.

Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device.
Aliases
0
alias CVE-2026-22081
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22081
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04164
published_at 2026-06-13T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04176
published_at 2026-06-12T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04168
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22081
1
reference_url https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004
reference_id s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-09T16:44:27Z/
url https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004
Weaknesses
0
cwe_id 1004
name Sensitive Cookie Without 'HttpOnly' Flag
description The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
Exploits
Severity_range_score8.8 - 8.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vpme-zw4b-zfa8