A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md | Exploit Third Party Advisory |
| https://vuldb.com/submit/791277 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356515 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356515/cti | Permissions Required VDB Entry |
| https://www.tenda.com.cn/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
30 Apr 2026, 15:38
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Tenda
Tenda ch22 Tenda ch22 Firmware |
|
| CPE | cpe:2.3:o:tenda:ch22_firmware:1.0.0.6\(468\):*:*:*:*:*:*:* cpe:2.3:h:tenda:ch22:-:*:*:*:*:*:*:* |
|
| References | () https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/submit/791277 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356515 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356515/cti - Permissions Required, VDB Entry | |
| References | () https://www.tenda.com.cn/ - Product |
09 Apr 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 17:16
Updated : 2026-04-30 15:38
NVD link : CVE-2026-5962
Mitre link : CVE-2026-5962
CVE.ORG link : CVE-2026-5962
JSON object : View
Products Affected
tenda
- ch22_firmware
- ch22
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')