Plattform
tenda
Komponente
tenda
Behoben in
1.0.1
CVE-2026-5962 describes a Path Traversal vulnerability discovered in the Tenda CH22 router, specifically impacting firmware versions 1.0.0 through 1.0.0.6(468). This flaw allows attackers to potentially access sensitive files and directories on the device through remote exploitation. A public exploit is now available, increasing the risk of immediate compromise. The vulnerability resides within the httpd component's R7WebsSecurityHandlerfunction.
The Path Traversal vulnerability allows an attacker to bypass security controls and access files and directories that should be protected. Successful exploitation could lead to the disclosure of configuration files, system credentials, or other sensitive data stored on the router. Given the router's role in network connectivity, a compromised device could also be used as a pivot point for lateral movement within the internal network. The availability of a public exploit significantly increases the likelihood of widespread exploitation, potentially impacting a large number of Tenda CH22 devices.
CVE-2026-5962 has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. The vulnerability was published on 2026-04-09. It is not currently listed on the CISA KEV catalog, but the availability of a public exploit warrants close monitoring and proactive mitigation efforts.
Home users and small businesses relying on Tenda CH22 routers are at risk. Those with exposed routers on the public internet or those using default configurations are particularly vulnerable. Shared hosting environments utilizing Tenda CH22 routers for network management are also at increased risk.
• linux / server:
journalctl -u httpd | grep -i "path traversal"• generic web:
curl -I http://<router_ip>/../../../../etc/passwd | head -n 1disclosure
poc
Exploit-Status
EPSS
0.06% (19% Perzentil)
CISA SSVC
The primary mitigation for CVE-2026-5962 is to upgrade the Tenda CH22 firmware to a patched version as soon as it becomes available from Tenda. Until a patch is released, consider implementing temporary workarounds such as configuring a Web Application Firewall (WAF) to block requests containing path traversal sequences (e.g., ../). Restricting access to the router's web interface from untrusted networks can also reduce the attack surface. Monitor router logs for suspicious activity, particularly requests containing unusual path characters.
Actualice el firmware del dispositivo Tenda CH22 a una versión corregida que solucione la vulnerabilidad de path traversal. Consulte el sitio web oficial de Tenda o contacte con el soporte técnico para obtener la última versión del firmware.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-5962 is a Path Traversal vulnerability affecting Tenda CH22 routers, allowing attackers to access sensitive files remotely.
If you are using a Tenda CH22 router with firmware versions 1.0.0–1.0.0.6(468), you are potentially affected by this vulnerability.
Upgrade your Tenda CH22 router to the latest firmware version as soon as it's available. Until then, implement WAF rules to restrict file access.
Yes, a public proof-of-concept exists, indicating active exploitation is likely.
Please refer to the Tenda security advisories page for updates and official information regarding CVE-2026-5962.
CVSS-Vektor
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.