CVE-2026-5605: Tenda CH22 Buffer Overflow - Remote RCE
Platform: linux
Component: tenda
CVE-2026-5605 describes a stack-based buffer overflow vulnerability found in the Tenda CH22 router, specifically within the /goform/WrlExtraSet function. Successful exploitation allows for remote code execution, potentially granting an attacker control over the device. This vulnerability impacts versions 1.0.0 through 1.0.0.1, and currently, no official patch has been released to address it.
How to fix
Update the Tenda CH22 device's firmware to the latest version made available by the manufacturer to mitigate the risk of the stack buffer overflow. See the official Tenda website or the product documentation for update instructions.
Frequently asked questions
What is CVE-2026-5605?
CVE-2026-5605 is a remote code execution (RCE) vulnerability affecting the Tenda CH22 router. It's caused by a stack-based buffer overflow in the /goform/WrlExtraSet function, allowing attackers to potentially execute arbitrary code on the device.
Am I affected by CVE-2026-5605?
You are potentially affected if you are using a Tenda CH22 router running version 1.0.0 through 1.0.0.1. The vulnerability is remotely exploitable, meaning an attacker doesn't need physical access to the device.
How can I fix or mitigate CVE-2026-5605?
Currently, no official patch is available from Tenda to address this vulnerability. As a mitigation, consider isolating the affected router from the internet or implementing strict firewall rules to limit external access.
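To check whether the access restrictions described above are holding, the following added example (not code from Tenda or from this advisory) scans web access logs for requests to /goform/WrlExtraSet that come from outside the management network. The log format (combined-log style, as written by a proxy or gateway in front of the router), the 192.168.0.0/24 management subnet and all sample lines are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only this subnet should ever reach the router's web interface.
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/24")]
# Endpoint named in the advisory, lower-cased (conservative: may over-match).
VULN_PATH = "/goform/wrlextraset"
# Assumed line format: src - - [timestamp] "METHOD target PROTO" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def normalize_path(target):
    """Drop query/fragment, decode escapes, collapse slashes, lower-case."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def find_untrusted_hits(lines):
    """Return (timestamp, source, method) for each request to the vulnerable
    endpoint whose source address is outside the management networks."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format
        src, ts, method, target = m.group(1, 2, 3, 4)
        if normalize_path(target) != VULN_PATH:
            continue
        try:
            addr = ipaddress.ip_address(src)
            trusted = any(addr in net for net in MGMT_NETS)
        except ValueError:
            trusted = False  # unparseable source is treated as untrusted
        if not trusted:
            hits.append((ts, src, method))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.168.0.10 - - [01/Jan/2026:10:00:00 +0000] "POST /goform/WrlExtraSet HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2026:10:05:00 +0000] "POST /goform/WrlExtraSet HTTP/1.1" 200 12',
    '198.51.100.9 - - [01/Jan/2026:10:06:00 +0000] "POST /goform/wrlextraset?a=1 HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2026:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    'malformed line',
]

if __name__ == "__main__":
    for ts, src, method in find_untrusted_hits(SAMPLE):
        print(f"{ts} {method} to WrlExtraSet from untrusted source {src}")
```

Any hit means the endpoint is reachable from a network that the firewall rules were meant to exclude.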