Which versions of Tenda i9 are affected by CVE-2026-7036?

CVE-2026-7036 is a critical path traversal vulnerability in Tenda i9 routers that allows unauthenticated remote attackers to access sensitive files and modify system configurations without…

Is there a public PoC exploit available for CVE-2026-7036?

Yes, a public proof-of-concept exploit is available for CVE-2026-7036. Prioritise patching immediately. EPSS: 0.1%.

Tenda i9 CVE-2026-7036

Q: What is the CVSS score of CVE-2026-7036?

CVE-2026-7036 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-25712 MEDIUM

Path Traversal (CWE-22)

2026-04-26 VulDB

Path Traversal Tenda

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 30, 2026 - 14:10 vuln.today

Public exploit code

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Severity Changed

Apr 26, 2026 - 12:22 NVD

HIGH MEDIUM

CVSS changed

Apr 26, 2026 - 12:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 26, 2026 - 12:00 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 11:45 euvd

EUVD-2026-25712

Analysis Generated

Apr 26, 2026 - 11:45 vuln.today

CVE Published

Apr 26, 2026 - 11:30 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

AnalysisAI

Path traversal in Tenda i9 router firmware version 1.0.0.5(2204) allows remote unauthenticated attackers to access arbitrary files, modify system configurations, and potentially disrupt device operation via the R7WebsSecurityHandlerfunction in the HTTP Handler component. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new), enabling straightforward exploitation with EPSS-assessed risk. …

RemediationAI

Within 24 hours: Identify all Tenda i9 routers in your network inventory and isolate affected units (firmware 1.0.0.5(2204)) from production traffic if business-critical. Within 7 days: Contact Tenda support for firmware update availability and implement network segmentation to restrict HTTP access to these devices to authorized administrative networks only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7036 vulnerability details – vuln.today

Back

Tenda i9 CVE-2026-7036

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda i9 CVE-2026-7036

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code