Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda CH22 1.0.0.1 Can Be Hacked Remotely Through Form Submission
CVE-2026-5605
Summary
A flaw in Tenda CH22 1.0.0.1 makes it possible for a hacker to potentially take control of the device by submitting a specially crafted form. This can be done from anywhere in the world. We recommend updating the device to the latest version as soon as possible to fix this issue.
Original title
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based ...
Original description
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 6 Apr 2026 · Updated: 6 Apr 2026 · First seen: 6 Apr 2026