Which versions of Tenda are affected by CVE-2026-5156?

Tenda CH22 router firmware version 1.0.0.1 contains a stack-based buffer overflow vulnerability (CVSS 8.8) that enables authenticated attackers to execute arbitrary code and gain full control of…

Is there a public PoC exploit available for CVE-2026-5156?

Yes, a public proof-of-concept exploit is available for CVE-2026-5156. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-5156

Q: What is the CVSS score of CVE-2026-5156?

CVE-2026-5156 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17252 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-30 VulDB

GHSA-q7wf-8q63-47pq

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 02, 2026 - 12:07 vuln.today

Public exploit code

EUVD ID Assigned

Mar 30, 2026 - 23:45 euvd

EUVD-2026-17252

Analysis Generated

Mar 30, 2026 - 23:45 vuln.today

CVE Published

Mar 30, 2026 - 23:30 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formQuickIndex function's handling of the mit_linktype parameter in the /goform/QuickIndex endpoint. …

RemediationAI

Within 24 hours: Identify all Tenda CH22 devices running firmware version 1.0.0.1 across your network inventory using asset management tools and network scanning. Within 7 days: Contact Tenda support to confirm firmware availability status and timelines; implement network segmentation to restrict administrative access to affected routers to essential personnel only; disable remote management interfaces if operationally feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5156 vulnerability details – vuln.today

Back

Tenda CVE-2026-5156

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-5156

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code