CVE-2026-5153

MEDIUM

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 3/30/2026Modified: 4/2/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-5153 — A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the functio...

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2026-5153
NIST NVD

References (5)

https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_60/README.mdExploitThird Party Advisoryhttps://vuldb.com/submit/780204Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/354185Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/354185/ctiPermissions RequiredVDB Entryhttps://www.tenda.com.cn/Product