Platform
tenda
Component
vuldb_new
Fixed in
1.0.1
CVE-2026-5152 describes a stack-based buffer overflow vulnerability within the formCreateFileName function of Tenda CH22 version 1.0.0.1. This flaw allows a remote attacker to potentially execute arbitrary code by manipulating the fileNameMit argument, leading to a buffer overflow. The vulnerability affects Tenda CH22 version 1.0.0.1. No official patch is currently available.
A critical vulnerability has been detected in the Tenda CH22 router, version 1.0.0.1, identified as CVE-2026-5152. This vulnerability resides within the 'formCreateFileName' function of the '/goform/createFileName' file. An attacker can exploit this flaw by manipulating the 'fileNameMit' argument, resulting in a stack-based buffer overflow. This could allow for arbitrary code execution on the device, compromising the security of the network it is connected to. The vulnerability's severity is rated 8.8 on the CVSS scale, indicating a high risk. The remote nature of the attack and the public availability of the exploit significantly increase the likelihood of exploitation.
CVE-2026-5152 is remotely exploitable, meaning an attacker does not need physical access to the Tenda CH22 router to compromise it. The exploit is publicly available, making it easy for attackers with varying levels of technical skill to utilize it. The attack focuses on manipulating the 'fileNameMit' argument within the 'formCreateFileName' function, causing a buffer overflow. This overflow can be leveraged to inject malicious code and execute it on the router, allowing the attacker to gain control of the device and potentially access the internal network.
Exploit Status
EPSS
0.08% (23% percentile)
CISA SSVC
Currently, there is no official fix provided by Tenda for this vulnerability. The primary recommendation is to update the router's firmware to the latest available version, although it is unknown whether this version addresses the vulnerability. As a preventative measure, it is suggested to isolate the router from the public network, restrict access to the administration interface, and monitor network traffic for suspicious activity. We strongly recommend contacting Tenda directly to request a firmware update and obtain information about potential workarounds. The absence of an official patch necessitates a proactive approach to network security.
Actualizar el firmware del dispositivo Tenda CH22 a una versión posterior a 1.0.0.1 que corrija la vulnerabilidad de desbordamiento de búfer basada en pila. Consultar el sitio web del fabricante para obtener la última versión del firmware y las instrucciones de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for this specific vulnerability in the Tenda CH22 router.
If you have a Tenda CH22 with firmware version 1.0.0.1, it is vulnerable. Check the firmware version in the router's configuration.
Isolate the router from the public network and consider replacing it with a more secure device.
No, this vulnerability only affects Tenda CH22 devices with the specified firmware version.
Contact Tenda's technical support directly.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.