Cyber Posture

CVE-2026-5962

High · Public PoC · Updated

Published: 09 April 2026
Modified: 30 April 2026
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0026 (49.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5962 is a high-severity Path Traversal (CWE-22) vulnerability in Tenda CH22 firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 49.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: flaw remediation
Timely flaw remediation directly patches the path traversal vulnerability in the R7WebsSecurityHandler function of the httpd component, preventing remote exploitation.

Prevent: information input validation
Information input validation rejects malicious path traversal payloads sent to the vulnerable web handler, blocking unauthorized file access.

Prevent: access enforcement
Access enforcement mediates file access requests, limiting damage from successful path traversal by denying unauthorized reads or writes outside intended directories.
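As an added illustration of the input-validation control above (example code written for this page, not Tenda's httpd code), the kind of request-path check an embedded web handler can run before opening a file: percent-decode first, then resolve every "." and ".." segment and refuse anything that would climb above the document root. The web root "/webroot", the function names and the buffer sizes are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#define WEBROOT "/webroot"   /* assumed document root for this example */
/* Percent-decode; fail on a truncated %XX, a decoded NUL (cuts a path short) or overflow. */
static int url_decode(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= outsz) return 0;
        if (in[i] != '%') { out[o++] = in[i]; continue; }
        if (!isxdigit((unsigned char)in[i + 1]) || !isxdigit((unsigned char)in[i + 2])) return 0;
        char hex[3] = { in[i + 1], in[i + 2], '\0' };
        long c = strtol(hex, NULL, 16);
        if (c == 0) return 0;
        out[o++] = (char)c; i += 2;
    }
    out[o] = '\0'; return 1;
}
/* Map a raw request path to a file under WEBROOT: returns 1 with the canonical path in
 * `out` when every ".." stays inside the root, 0 (reject) when it is malformed or climbs above. */
int resolve_request_path(const char *request, char *out, size_t outsz) {
    char decoded[512];
    const char *seg[64]; size_t len[64], used; int depth = 0;
    if (!url_decode(request, decoded, sizeof decoded)) return 0;
    for (char *p = decoded; *p != '\0';) {
        while (*p == '/') p++;                   /* skip empty segments; only '/' separates */
        if (*p == '\0') break;
        char *start = p;
        while (*p != '\0' && *p != '/') p++;
        size_t n = (size_t)(p - start);
        if (n == 1 && start[0] == '.') continue; /* "." is a no-op */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return 0;            /* ".." above the root: reject */
            depth--; continue;
        }
        if (depth == 64) return 0;
        seg[depth] = start; len[depth++] = n;
    }
    used = strlen(WEBROOT);                      /* rebuild from the surviving segments */
    if (used + 1 > outsz) return 0;
    memcpy(out, WEBROOT, used);
    for (int i = 0; i < depth; i++) {
        if (used + len[i] + 2 > outsz) return 0;
        out[used++] = '/';
        memcpy(out + used, seg[i], len[i]); used += len[i];
    }
    out[used] = '\0'; return 1;
}
```

A handler that only opens files returned by this function cannot be steered outside the root by "../" sequences, their percent-encoded forms, or NUL truncation; rejected requests are also a useful thing to log and alert on.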

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A path traversal vulnerability in the public-facing httpd web interface enables unauthenticated remote exploitation of the public-facing application for unauthorized file access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandler of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

Deeper analysis

CVE-2026-5962 is a path traversal vulnerability (CWE-22) in Tenda CH22 firmware version 1.0.0.6(468). The issue affects the R7WebsSecurityHandler function within the httpd component, enabling manipulation that leads to unauthorized file access outside intended directories.

The vulnerability is exploitable remotely by unauthenticated attackers with low attack complexity and no user interaction, per its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation has limited impact on confidentiality, integrity, and availability, such as reading or modifying restricted files.

Advisories and additional details are documented in VulDB entries (vuldb.com/vuln/356515 and related pages) and a GitHub repository containing a public exploit (github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md). The Tenda website (tenda.com.cn) provides manufacturer resources, which security practitioners should review for patch availability or mitigation steps.

The exploit is public and may be used, posing elevated risk to unpatched Tenda CH22 devices exposed to the internet.

Details

CWE(s)
CWE-22 (Path Traversal)

Affected Products
Tenda CH22 firmware 1.0.0.6(468)

CVEs Like This One

CVE-2025-12265 (same product: Tenda CH22)
CVE-2026-5204 (same product: Tenda CH22)
CVE-2025-8180 (same product: Tenda CH22)
CVE-2026-5604 (same product: Tenda CH22)
CVE-2025-9748 (same product: Tenda CH22)
CVE-2025-9812 (same product: Tenda CH22)
CVE-2025-12274 (same product: Tenda CH22)
CVE-2025-9813 (same product: Tenda CH22)
CVE-2026-5152 (same product: Tenda CH22)
CVE-2025-9006 (same product: Tenda CH22)

References