CVE-2026-5962

HIGH

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

CVSS v3.1 Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Published: 4/9/2026Modified: 4/30/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (5)

https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.mdExploitThird Party Advisory https://vuldb.com/submit/791277Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356515Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356515/ctiPermissions RequiredVDB Entry https://www.tenda.com.cn/Product