Plattform
tenda
Komponente
tenda
Behoben in
1.0.1
CVE-2026-5841 describes a Path Traversal vulnerability discovered in the Tenda i3 router, specifically within the R7WebsSecurityHandler function of the HTTP Handler component. Successful exploitation allows attackers to remotely access arbitrary files on the system, potentially leading to data breaches or system compromise. This vulnerability impacts Tenda i3 devices running versions 1.0.0 through 1.0.0.6(2204). A fix is pending from the vendor.
The primary impact of CVE-2026-5841 is the ability for an attacker to read sensitive files on the affected Tenda i3 router. This could include configuration files containing passwords, SSH keys, or other credentials. An attacker could potentially gain full control of the router if they can leverage this vulnerability to execute arbitrary code or modify system files. The public availability of an exploit significantly increases the risk of widespread exploitation. This vulnerability shares similarities with other path traversal exploits where attackers manipulate file paths to bypass security controls and access unauthorized resources.
CVE-2026-5841 has been publicly disclosed and an exploit is available, indicating a high probability of exploitation. The vulnerability is listed on the NVD (National Vulnerability Database) as of 2026-04-09. The EPSS (Exploit Prediction Score System) score is likely to be elevated due to the public availability of the exploit, suggesting a medium to high risk of active exploitation. No KEV listing is currently available.
Exploit-Status
EPSS
0.08% (24% Perzentil)
CISA SSVC
CVSS-Vektor
Due to the lack of a vendor-provided patch, mitigation strategies focus on limiting exposure and detecting potential exploitation. Implement a Web Application Firewall (WAF) with rules to block requests containing suspicious path traversal patterns (e.g., '../', '\\'). Restrict access to the router's web interface from untrusted networks. Monitor router logs for unusual file access attempts. Consider segmenting the router from other critical network resources to limit the blast radius of a potential compromise. While a rollback is not applicable in this scenario, regularly review router configurations for any misconfigurations that could exacerbate the vulnerability.
Actualice el firmware del dispositivo Tenda i3 a una versión corregida por el fabricante. Consulte el sitio web de soporte de Tenda para obtener más información sobre las actualizaciones de firmware disponibles.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
It's a path traversal vulnerability in the Tenda i3 router's HTTP Handler, allowing attackers to access sensitive files remotely.
If you're using a Tenda i3 router running firmware versions 1.0.0 through 1.0.0.6(2204), you are potentially affected by this vulnerability.
Upgrade to the latest firmware version from Tenda when a patch is released. Until then, implement mitigation strategies like firewall restrictions and WAF rules.
A proof-of-concept exploit is publicly available, increasing the risk of exploitation if the vulnerability remains unpatched.
Refer to the National Vulnerability Database (NVD) entry for CVE-2026-5841 for detailed information and updates: [https://nvd.nist.gov/vuln/detail/CVE-2026-5841](https://nvd.nist.gov/vuln/detail/CVE-2026-5841)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.