Plattform
tenda
Komponente
vuldb_new
Behoben in
1.0.1
CVE-2026-5204 describes a critical vulnerability affecting the Tenda CH22 router, specifically version 1.0.0.1. This flaw stems from a stack-based buffer overflow within the formWebTypeLibrary function of the /goform/webtypelibrary component, triggered by manipulation of the webSiteId argument. Successful exploitation could allow an attacker to disrupt router functionality or potentially gain unauthorized access. A firmware update is expected to resolve this issue.
The stack-based buffer overflow vulnerability in the Tenda CH22 router presents a significant security risk. An attacker, leveraging crafted input to the webSiteId parameter, can overwrite adjacent memory regions on the stack. This can lead to a denial-of-service (DoS) condition, crashing the router and disrupting network connectivity. More critically, successful exploitation could allow the attacker to execute arbitrary code on the device, granting them complete control over the router and potentially the network it serves. This could include data exfiltration, configuration modification, and the deployment of malware. Given the router's role as a gateway, a compromised device could serve as a pivot point for attacks against internal network resources, significantly expanding the blast radius. The publicly disclosed nature of this exploit increases the likelihood of widespread exploitation.
CVE-2026-5204 has been publicly disclosed, indicating a higher probability of exploitation. While no specific campaigns targeting this vulnerability have been observed as of the publication date, the availability of exploit details increases the risk of opportunistic attacks. The vulnerability is not currently listed on CISA Known Exploited Vulnerabilities (KEV) catalog, but its severity and public disclosure warrant close monitoring. The EPSS score is likely to be assessed as medium to high, reflecting the ease of exploitation and potential impact. Refer to the National Vulnerability Database (NVD) and Tenda's security advisories for updates and further details.
Small and medium-sized businesses (SMBs) and home users who rely on Tenda CH22 routers running the vulnerable firmware version 1.0.0.1 are at risk. Organizations with multiple Tenda CH22 routers deployed in their networks face a broader attack surface. Shared hosting environments utilizing Tenda routers for network connectivity are also particularly vulnerable.
• tenda: Monitor router logs for unusual requests to /goform/webtypelibrary with potentially malformed webSiteId parameters. Use network intrusion detection systems (NIDS) to identify attempts to exploit the vulnerability.
• generic web: Use curl/wget to probe the /goform/webtypelibrary endpoint with various payloads and observe for crash or error responses.
disclosure
Exploit-Status
EPSS
0.09% (26% Perzentil)
CISA SSVC
CVSS-Vektor
Addressing CVE-2026-5204 requires a multi-faceted approach. The primary mitigation is to upgrade the Tenda CH22 router to a firmware version that includes a patch for this vulnerability. Monitor Tenda's official website and security advisories for the release of a patched firmware. In the interim, implement network segmentation to limit the router's access to sensitive internal resources. Consider deploying a Web Application Firewall (WAF) or proxy server to filter malicious traffic and block requests containing potentially harmful webSiteId parameters. Restrict access to the router's web interface using strong passwords and multi-factor authentication. Monitor network traffic for unusual activity originating from or destined to the router. After upgrading the firmware, confirm the vulnerability is resolved by attempting to reproduce the exploit with a safe test payload; the router should not crash or exhibit unexpected behavior.
Actualizar el firmware del dispositivo Tenda CH22 a una versión que corrija la vulnerabilidad de desbordamiento de búfer basado en pila. Consultar el sitio web del fabricante para obtener la última versión del firmware y las instrucciones de actualización.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-5204 is a HIGH severity buffer overflow vulnerability in the Tenda CH22 router's firmware (version 1.0.0.1) that allows remote attackers to potentially execute code.
You are affected if you are using a Tenda CH22 router with firmware version 1.0.0.1. Check your router's firmware version in the administration interface.
Currently, there is no official patch available. Implement temporary mitigations like firewall rules and network segmentation until a patch is released by Tenda.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your router for suspicious activity.
Check the Tenda support website for security advisories related to the CH22 router. Monitor security news sources for updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.