{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5152", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-30T13:33:02.568Z", "datePublished": "2026-03-30T20:30:17.269Z", "dateUpdated": "2026-03-31T18:05:17.034Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-30T20:30:17.269Z"}, "title": "Tenda CH22 createFileName formCreateFileName stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "CH22", "versions": [{"version": "1.0.0.1", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:ch22_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-30T15:38:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LtzHuster (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354184", "name": "VDB-354184 | Tenda CH22 createFileName formCreateFileName stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354184/cti", "name": "VDB-354184 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780203", "name": "Submit #780203 | Tenda CH22 V1.0.0.1 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T16:14:08.461866Z", "id": "CVE-2026-5152", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:05:17.034Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Tenda CH22 createFileName formCreateFileName stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "LtzHuster (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:ch22_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "CH22", "versions": [{"status": "affected", "version": "1.0.0.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-30T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-30T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-30T15:38:20.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354184", "name": "VDB-354184 | Tenda CH22 createFileName formCreateFileName stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354184/cti", "name": "VDB-354184 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780203", "name": "Submit #780203 | Tenda CH22 V1.0.0.1 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-30T20:30:17.269Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5152", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T16:14:08.461866Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-31T16:14:14.894Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5152", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:30:17.269Z", "dateReserved": "2026-03-30T13:33:02.568Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-30T20:30:17.269Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ch22_firmware:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB66174F-9460-4B60-AC6B-1B8D5700D6A0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ch22:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B2CBA2D-54D0-4860-A4B4-2BF5238E76AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en Tenda CH22 1.0.0.1. Afectada es la funci\u00f3n formCreateFileName del archivo /goform/createFileName. Realizar una manipulaci\u00f3n del argumento fileNameMit resulta en desbordamiento de b\u00fafer basado en pila. El ataque puede ser iniciado remotamente. El exploit es ahora p\u00fablico y puede ser usado."}], "id": "CVE-2026-5152", "lastModified": "2026-04-02T12:10:08.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-30T21:17:11.057", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/780203"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/354184"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/354184/cti"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "CH22", "source": "cna", "vendor": "Tenda"}, "product": "ch22", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-02T13:25:45.152804+00:00", "value": {"mitigation_remediation": ["Download and install the latest firmware release from the official Tenda website that addresses this buffer overflow", "If the vendor has not yet released a patch, disable remote management or restrict access to the device to trusted IP ranges only", "Change any default or weak credentials and enable strong authentication", "Monitor device logs for unusual activity and consider isolating the device from the production network until a patch is applied", "Follow general best practices for securing networked embedded devices: limit exposed services, use network segmentation, and keep devices up to date"], "summary": {"action": "Immediate Patch", "impact": "Remote code execution via stack-based buffer overflow"}, "threat_synthesis": {"affected_systems": "CVE-2026-5152 affects the Tenda CH22 model running firmware version 1.0.0.1. Only this version is listed as vulnerable; newer or lower firmware revisions have not been reported as affected.", "description_and_impact": "A stack-based buffer overflow exists in the Tenda CH22 firmware function formCreateFileName, triggered by manipulating the fileNameMit argument in /goform/createFileName. The overflow can corrupt the stack and allow an attacker to execute arbitrary code or crash the device, constituting a remote vulnerability with severe impact on confidentiality, integrity, and availability.", "risk_and_exploitability": "The reported CVSS score of 8.7 classifies this as a high severity flaw. The EPSS score of less than 1% indicates a relatively low probability of exploitation currently, and the vulnerability is not included in the CISA KEV catalog. Attackers can initiate the exploit remotely, likely from any network path that can reach the device\u2019s web interface. Exploitation requires sending a carefully crafted payload to the vulnerable parameter; no local privileges are needed. Given the high CVSS and the public availability of the exploit, the risk to unpatched devices is significant if they are exposed to untrusted networks."}}}}, "created": "2026-03-31T19:59:55.418573+00:00", "updated": "2026-04-02T20:22:49.443136+00:00", "vendors": ["tenda", "tenda$PRODUCT$ch22"]}