Cyber Resilience

CVE-2026-5962

Medium · Public PoC

Published: 09 April 2026
Modified: 30 April 2026
KEV Added: not listed
Patch: not recorded
CVSS v4.0 base score: 5.5 (Medium)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0054 (41.0th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-5962 is a path traversal (CWE-22) vulnerability in Tenda CH22 firmware. Its CVSS v4.0 base score is 5.5 (Medium); the CVSS v3.1 score quoted in the deeper analysis below is 7.3 (High), so the severity label a consumer sees depends on which scoring version they use.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 41.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5962 is a path traversal vulnerability (CWE-22) in Tenda CH22 firmware version 1.0.0.6(468). The flaw is in the R7WebsSecurityHandler function of the httpd component: a crafted request path is not confined to the intended directory, so an attacker can reach files outside it.

The vulnerability is remotely exploitable by unauthenticated attackers with low attack complexity and no user interaction, per its CVSS v3.1 base score of 7.3 (High; AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation has limited impact on confidentiality, integrity, and availability, such as reading or modifying files the handler should not expose.

Advisories and additional details are documented in VulDB entries (vuldb.com/vuln/356515 and related pages) and in a GitHub repository containing a public exploit (github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md). The Tenda website (tenda.com.cn) provides manufacturer resources; practitioners should check it for patch availability or mitigation steps.

The exploit is public and may be used, posing elevated risk to unpatched Tenda CH22 devices exposed to the internet.

Vulnerability details

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandler of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal vulnerability in public-facing httpd web interface enables unauthenticated remote exploitation of public-facing application for unauthorized file access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-12232 (same product: Tenda CH22)
CVE-2026-5604 (same product: Tenda CH22)
CVE-2025-9812 (same product: Tenda CH22)
CVE-2025-9748 (same product: Tenda CH22)
CVE-2025-9813 (same product: Tenda CH22)
CVE-2026-5155 (same product: Tenda CH22)
CVE-2026-5152 (same product: Tenda CH22)
CVE-2025-12265 (same product: Tenda CH22)
CVE-2025-9443 (same product: Tenda CH22)
CVE-2025-9007 (same product: Tenda CH22)

Affected Assets

Tenda CH22 firmware 1.0.0.6(468)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Timely flaw remediation directly patches the path traversal vulnerability in the R7WebsSecurityHandler function of the httpd component, preventing remote exploitation.

SI-10 Information Input Validation (prevent): Information input validation rejects path traversal payloads sent to the vulnerable web handler, blocking unauthorized file access.

AC-3 Access Enforcement (prevent): Access enforcement mediates file access requests, limiting the damage from a successful path traversal by denying reads or writes outside the intended directories.
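The input-validation and access-enforcement controls above come down to one routine in an embedded httpd: the code that turns a request path into a filesystem path. The following C example is added here and is not Tenda's code or the R7WebsSecurityHandler implementation; the web root, buffer sizes, function names and the constructed request paths are assumptions. It shows the CWE-22 pattern (request path appended to the web root as-is) beside a hardened resolver that percent-decodes exactly once, rejects NUL bytes, backslashes and any ".." segment, and confirms the result still lies under the web root.

```c
/* Added example (hypothetical names; not Tenda's httpd code): the CWE-22
 * pattern beside a hardened request-path resolver. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WEBROOT "/webroot"   /* assumed document root */

/* Vulnerable pattern: the request path is appended to the web root as-is,
 * so "/../../etc/passwd" yields "/webroot/../../etc/passwd", which the
 * kernel resolves to /etc/passwd. */
int resolve_vulnerable(const char *req_path, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s%s", WEBROOT, req_path);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Percent-decode exactly once. Malformed escapes and decoded NUL bytes are
 * rejected because a NUL would silently truncate the path at open(). */
static int url_decode_once(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) ||
                !isxdigit((unsigned char)in[i + 2]))
                return -1;
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (c == '\0' || o + 1 >= outlen) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Hardened resolver: decode, then rebuild the path segment by segment.
 * Empty and "." segments are dropped, any ".." segment refuses the request
 * outright (no "climb then check back" logic), and backslashes are refused
 * because some servers treat them as separators. The output is therefore
 * always WEBROOT followed by a relative path. Returns 0 on success, -1 to refuse. */
int resolve_hardened(const char *req_path, char *out, size_t outlen) {
    char decoded[1024];
    if (url_decode_once(req_path, decoded, sizeof decoded) != 0) return -1;
    if (strchr(decoded, '\\') != NULL) return -1;

    int n = snprintf(out, outlen, "%s", WEBROOT);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t o = (size_t)n;

    const char *p = decoded;
    while (*p != '\0') {
        while (*p == '/') p++;              /* collapse repeated separators */
        if (*p == '\0') break;
        const char *seg = p;
        while (*p != '\0' && *p != '/') p++;
        size_t len = (size_t)(p - seg);
        if (len == 1 && seg[0] == '.') continue;
        if (len == 2 && seg[0] == '.' && seg[1] == '.') return -1;
        n = snprintf(out + o, outlen - o, "/%.*s", (int)len, seg);
        if (n < 0 || (size_t)n >= outlen - o) return -1;
        o += (size_t)n;
    }
    /* Final guard: the result must be the web root itself or lie beneath it. */
    if (strcmp(out, WEBROOT) != 0 &&
        strncmp(out, WEBROOT "/", strlen(WEBROOT) + 1) != 0)
        return -1;
    return 0;
}

/* Small wrappers so behaviour can be checked without managing buffers. */
int vulnerable_maps_to(const char *req, const char *expected) {
    char buf[1024];
    return resolve_vulnerable(req, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}
int hardened_refuses(const char *req) {
    char buf[1024];
    return resolve_hardened(req, buf, sizeof buf) != 0;
}
int hardened_maps_to(const char *req, const char *expected) {
    char buf[1024];
    return resolve_hardened(req, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

int main(void) {
    /* Constructed request paths covering the usual traversal shapes. */
    const char *probes[] = { "/../../etc/passwd", "/..%2f..%2fetc/passwd",
                             "/%2e%2e/etc/passwd", "/images%00.jpg",
                             "/cgi-bin/./index.html", "/%252e%252e/x", "/" };
    char buf[1024];
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int rc = resolve_hardened(probes[i], buf, sizeof buf);
        printf("%-26s -> %s\n", probes[i], rc == 0 ? buf : "REFUSED");
    }
    return 0;
}
```

Two design points worth noting. The decoder runs exactly once, so a double-encoded "%252e%252e" becomes the literal segment "%2e%2e" and is served from inside the web root; if a later layer decodes again, the check is bypassed, which is why decoding and checking must happen in the same place. The checks are lexical: if the web root can contain symlinks, resolve the final path with realpath() and re-check the prefix before opening it, and run httpd as an unprivileged user so a bypass is still bounded by filesystem permissions (the AC-3 control above).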
