{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5152", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-30T13:33:02.568Z", "datePublished": "2026-03-30T20:30:17.269Z", "dateUpdated": "2026-03-31T18:05:17.034Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-30T20:30:17.269Z"}, "title": "Tenda CH22 createFileName formCreateFileName stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "CH22", "versions": [{"version": "1.0.0.1", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:ch22_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-30T15:38:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LtzHuster (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354184", "name": "VDB-354184 | Tenda CH22 createFileName formCreateFileName stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354184/cti", "name": "VDB-354184 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780203", "name": "Submit #780203 | Tenda CH22 V1.0.0.1 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T16:14:08.461866Z", "id": "CVE-2026-5152", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:05:17.034Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Tenda CH22 createFileName formCreateFileName stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "LtzHuster (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:ch22_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "CH22", "versions": [{"status": "affected", "version": "1.0.0.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-30T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-30T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-30T15:38:20.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354184", "name": "VDB-354184 | Tenda CH22 createFileName formCreateFileName stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354184/cti", "name": "VDB-354184 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780203", "name": "Submit #780203 | Tenda CH22 V1.0.0.1 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-30T20:30:17.269Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5152", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T16:14:08.461866Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-31T16:14:14.894Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5152", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:30:17.269Z", "dateReserved": "2026-03-30T13:33:02.568Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-30T20:30:17.269Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ch22_firmware:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB66174F-9460-4B60-AC6B-1B8D5700D6A0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ch22:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B2CBA2D-54D0-4860-A4B4-2BF5238E76AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en Tenda CH22 1.0.0.1. Afectada es la funci\u00f3n formCreateFileName del archivo /goform/createFileName. Realizar una manipulaci\u00f3n del argumento fileNameMit resulta en desbordamiento de b\u00fafer basado en pila. El ataque puede ser iniciado remotamente. El exploit es ahora p\u00fablico y puede ser usado."}], "id": "CVE-2026-5152", "lastModified": "2026-04-02T12:10:08.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-30T21:17:11.057", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/780203"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/354184"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/354184/cti"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "CH22", "source": "cna", "vendor": "Tenda"}, "product": "ch22", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-03-31T06:00:27.696460+00:00", "value": {"mitigation_remediation": ["Obtain and install the latest firmware for the Tenda CH22 that addresses the buffer overflow in formCreateFileName.", "If a firmware update is not yet available, block external access to the /goform/createFileName endpoint using firewall rules or web\u2011server configuration.", "Verify that the device no longer responds to the vulnerable endpoint after patching or blocking.", "Continuously monitor device logs for attempts to exploit the endpoint and isolate the router from untrusted networks."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution via stack-based buffer overflow"}, "threat_synthesis": {"affected_systems": "The vulnerable product is the Tenda CH22 wireless router running firmware version 1.0.0.1. Only this firmware revision is documented as affected; no other Tenda devices or firmware versions are explicitly listed as impacted.", "description_and_impact": "A stack-based buffer overflow exists in the Tenda CH22 device firmware 1.0.0.1, specifically within the formCreateFileName function exposed through the /goform/createFileName URL. Manipulation of the fileNameMit argument causes a buffer overflow that can overwrite the stack and allow execution of arbitrary code. The vulnerability is categorized under CWE\u2011119 (Buffer Overflow) and CWE\u2011121 (Stack-based Buffer Overflow). The attack may be performed remotely by sending crafted requests to the affected endpoint, and the exploit is publicly available.", "risk_and_exploitability": "The CVSS base score is 8.7, indicating a high severity. No EPSS score is reported, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, network-facing HTTP requests to /goform/createFileName. Because the flaw can be triggered without authentication, a remote attacker could achieve local execution on the device, potentially compromising the router\u2019s network configuration and exposing downstream networks."}}}}, "created": "2026-03-31T19:59:55.418573+00:00", "updated": "2026-03-31T20:40:08.825945+00:00", "vendors": ["tenda", "tenda$PRODUCT$ch22"]}