Platform
tenda
Component
tenda
Fixed in
1.0.1
A critical vulnerability, CVE-2026-5605, has been discovered in the Tenda CH22 router, specifically affecting versions 1.0.0 through 1.0.0.1. This vulnerability is a stack-based buffer overflow that can be triggered remotely by manipulating the GO argument within the /goform/WrlExtraSet endpoint. Successful exploitation could lead to arbitrary code execution on the device, potentially granting an attacker full control. A public exploit is already available.
The stack-based buffer overflow vulnerability in Tenda CH22 allows a remote attacker to execute arbitrary code. This means an attacker could potentially gain complete control of the router, including access to its configuration, network traffic, and connected devices. The availability of a public exploit significantly increases the risk of exploitation. Attackers could leverage this to launch man-in-the-middle attacks, redirect traffic, steal sensitive data, or use the router as a launchpad for further attacks on the internal network. The impact is particularly severe given the router's role as a gateway to a home or small business network.
CVE-2026-5605 is publicly known with a proof-of-concept exploit available, indicating a high probability of exploitation. It was disclosed on 2026-04-05. The vulnerability is currently not listed on CISA KEV, but its public nature warrants close monitoring. Active campaigns targeting Tenda routers are possible given the ease of exploitation.
Exploit Status
EPSS
0.02% (4% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5605 is to upgrade the Tenda CH22 router to a patched firmware version as soon as it becomes available. Until a patch is released, consider implementing temporary mitigations. These include deploying a Web Application Firewall (WAF) to filter requests to the /goform/WrlExtraSet endpoint, specifically looking for unusual or excessively long values in the GO parameter. Additionally, monitor router logs for suspicious activity, such as repeated failed login attempts or unexpected network traffic. Implement strict firewall rules to limit external access to the router's management interface. After applying any mitigation, verify its effectiveness by attempting to trigger the vulnerability with a controlled test request.
Update the Tenda CH22 device firmware to the latest version provided by the manufacturer to mitigate the risk of stack buffer overflow. Refer to the official Tenda website or product documentation for update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5605 is a HIGH severity buffer overflow vulnerability in Tenda CH22 routers (versions 1.0.0–1.0.0.1) allowing remote code execution through manipulation of the GO parameter in /goform/WrlExtraSet.
If you are using a Tenda CH22 router running version 1.0.0 or 1.0.0.1, you are potentially affected by this vulnerability. Check your router's firmware version immediately.
The recommended fix is to upgrade to a patched firmware version from Tenda. Until a patch is available, implement WAF rules and monitor router logs for suspicious activity.
A public proof-of-concept exploit exists, indicating a high probability of active exploitation. Monitor your network and router logs closely.
Please refer to the Tenda support website for the latest advisory and firmware updates regarding CVE-2026-5605.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.