CVE-2026-5154
Published: 30 March 2026
Summary
CVE-2026-5154 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda CH22 firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 45.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-5154 is a stack-based buffer overflow vulnerability affecting Tenda CH22 firmware version 1.0.0.1/1.0.0.1. The issue resides in the fromSetCfm function within the /goform/setcfm file of the Parameter Handler component. Manipulation of the funcname argument triggers the overflow, as documented in the CVE description published on 2026-03-30.
The vulnerability enables remote exploitation over the network with low attack complexity and requires low privileges but no user interaction. According to the CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), successful attacks can compromise confidentiality, integrity, and availability to a high degree. Associated CWEs include CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
VulDB advisories detail the vulnerability at https://vuldb.com/vuln/354186 and related CTI at https://vuldb.com/vuln/354186/cti, with a submission entry at https://vuldb.com/submit/780206. A public exploit disclosure is available at https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_48/README.md. The Tenda vendor site at https://www.tenda.com.cn/ provides relevant product information for potential mitigations or patches.
The exploit has been disclosed to the public and may be used, heightening the risk for unpatched Tenda CH22 devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17247
Vulnerability details
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in authenticated web parameter handler (PR:L, remote, high C/I/A impact) directly enables code execution for privilege escalation on the device.
Mitigating Controls (NIST 800-53 r5)
Requires validation of the funcname argument in the /goform/setcfm endpoint to prevent stack-based buffer overflow from malformed inputs.
Implements memory protections such as stack canaries or DEP to mitigate exploitation of stack-based buffer overflows even if invalid input reaches the function.
Mandates timely remediation of the identified buffer overflow flaw in Tenda CH22 firmware via patching to eliminate the vulnerability.