EUVD-2026-17509
GHSA-5qj8-jcmc-3p6q
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Analysis
Stack-based buffer overflow in Tenda CH22 router version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the webSiteId parameter in the formWebTypeLibrary function. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Tenda CH22 v1.0.0.1 devices on your network using asset discovery tools and disable remote administrative access until mitigation is confirmed. Within 7 days: Contact Tenda for patch availability and timeline; consider replacement with patched hardware or alternative router models if no patch roadmap exists. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today