Platform
tenda
Component
vuldb_new
Fixed in
1.0.1
CVE-2026-5204 describes a stack-based buffer overflow vulnerability affecting the Tenda CH22 router running firmware version 1.0.0.1. This vulnerability allows a remote attacker to exploit the formWebTypeLibrary function within the /goform/webtypelibrary component by manipulating the webSiteId argument. The vulnerability has been publicly disclosed, increasing the risk of exploitation. A fix is pending from Tenda.
Successful exploitation of CVE-2026-5204 could allow an attacker to execute arbitrary code on the affected Tenda CH22 router. This could lead to complete compromise of the device, enabling the attacker to modify router configurations, intercept network traffic, and potentially pivot to other devices on the network. Given the router's role as a gateway, a successful attack could grant access to the entire internal network. The publicly disclosed nature of this vulnerability significantly increases the likelihood of exploitation, especially if a readily available exploit is developed.
CVE-2026-5204 is publicly disclosed, indicating a higher probability of exploitation. The vulnerability's nature (stack-based buffer overflow) is well-understood, making it relatively straightforward for attackers to develop exploits. No KEV listing or EPSS score is currently available. Public proof-of-concept exploits are likely to emerge given the disclosure and the vulnerability type.
Exploit Status
EPSS
0.09% (26% percentile)
CISA SSVC
CVSS Vector
Currently, there is no official patch available from Tenda for CVE-2026-5204. As a temporary mitigation, consider implementing strict firewall rules to restrict access to the /goform/webtypelibrary endpoint from untrusted sources. Network segmentation can limit the potential blast radius of a successful attack. Monitor router logs for unusual activity, particularly requests to the vulnerable endpoint. If possible, isolate the affected router from critical network segments until a patch is released. After a patch is released, upgrade the firmware to the fixed version and confirm by verifying the firmware version and checking router logs for any error messages related to the vulnerability.
Update the Tenda CH22 device firmware to a version that corrects the stack-based buffer overflow vulnerability. Consult the manufacturer's website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5204 is a HIGH severity buffer overflow vulnerability in the Tenda CH22 router's firmware (version 1.0.0.1) that allows remote attackers to potentially execute code.
You are affected if you are using a Tenda CH22 router with firmware version 1.0.0.1. Check your router's firmware version in the administration interface.
Currently, there is no official patch available. Implement temporary mitigations like firewall rules and network segmentation until a patch is released by Tenda.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your router for suspicious activity.
Check the Tenda support website for security advisories related to the CH22 router. Monitor security news sources for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.