CVE-2026-5962

HIGH

Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal

Title source: cna

Description

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/356515

[Signature, Permissions Required] https://vuldb.com/vuln/356515/cti

[Third Party Advisory] https://vuldb.com/submit/791277

[Exploit] https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md

View Exploit ZIP pw:eip

[Product] https://www.tenda.com.cn/

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-22

Status published

Products (1)

Tenda/CH22 1.0.0.6(468)

Published Apr 09, 2026

Tracked Since Apr 09, 2026