
CVE-2026-5604: Tenda CH22 Stack Overflow - HIGH

Platform: linux

Component: tenda

CVE-2026-5604 describes a stack-based buffer overflow vulnerability found in the Tenda CH22 router, specifically within the Parameter Handler's /goform/CertLocalPrecreate function. Successful exploitation could allow an attacker to execute arbitrary code on the device, potentially gaining control of the router. This vulnerability affects versions 1.0.0 through 1.0.0.1, and as of the publication date, no official patch has been released.

How to fix

Update the Tenda CH22 device firmware to the latest available version provided by the manufacturer. Check Tenda's official website for update instructions and the latest firmware version. This update addresses the stack-based buffer overflow vulnerability.

Frequently asked questions

What is CVE-2026-5604?

CVE-2026-5604 is a security vulnerability in the Tenda CH22 router that allows a remote attacker to trigger a stack-based buffer overflow by manipulating the 'standard' argument in the /goform/CertLocalPrecreate function. This can potentially lead to arbitrary code execution.

Am I affected by CVE-2026-5604?

You are affected if you are using a Tenda CH22 router running version 1.0.0 or 1.0.0.1. The vulnerability is publicly known and an exploit is available, making it a significant risk.

How can I fix or mitigate CVE-2026-5604?

As of the publication date, no official patch is available from Tenda. Mitigation strategies include isolating the router from the internet, implementing strict firewall rules, and monitoring for suspicious activity. Consider upgrading to a different router model if possible.
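One way to do the monitoring mentioned above, as an added example that is not part of the original advisory: a small log scanner that flags requests to /goform/CertLocalPrecreate from unexpected hosts or with an unusually long 'standard' value. The Common Log Format input, the 64-character threshold, the management host list and the sample lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/CertLocalPrecreate"  # handler named in the advisory
PARAM = "standard"                       # argument named in the advisory
MAX_LEN = 64                   # assumption: the advisory gives no buffer size; tune locally
MGMT_HOSTS = {"192.168.0.10"}  # assumption: hosts allowed to administer the router

# Common Log Format, e.g. from a proxy or sensor in front of the router (assumption).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" \d{3} ')

def classify(line):
    """Return an alert dict for a suspicious request to the handler, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    if parts.path != ENDPOINT:
        return None
    reasons = []
    if m["src"] not in MGMT_HOSTS:
        reasons.append("unexpected-source")
    # parse_qs percent-decodes, so the length is that of the decoded value.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    longest = max((len(v) for v in values), default=0)
    if longest > MAX_LEN:
        reasons.append(f"oversized-{PARAM}:{longest}")
    if m["method"] == "POST" and not values:
        reasons.append("body-not-logged")  # parameter may sit in the unlogged body
    return {"src": m["src"], "method": m["method"], "reasons": reasons} if reasons else None

def scan(lines):
    """Classify every line and keep only the alerts."""
    return [a for a in map(classify, lines) if a]

# Constructed sample log lines (not taken from a real device).
TS = "[01/Jan/2026:10:00:00 +0000]"
SAMPLE = [
    f'192.168.0.10 - - {TS} "GET /index.html HTTP/1.1" 200 512',
    f'192.168.0.10 - - {TS} "GET {ENDPOINT}?{PARAM}=abc HTTP/1.1" 200 12',
    f'203.0.113.7 - - {TS} "GET {ENDPOINT}?{PARAM}={"x" * 300} HTTP/1.1" 200 0',
    f'192.168.0.55 - - {TS} "POST {ENDPOINT} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Access logs usually omit request bodies, so a POST to the handler is reported as "body-not-logged" rather than treated as benign.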
