PT-2026-29131 · Tenda · Tenda Ch22

Ltzhuster

Published

2026-03-30

Updated

2026-03-31

CVE-2026-5153

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1

Description A flaw exists in the Tenda CH22 version 1.0.0.1. The affected element is the FormWriteFacMac function within the /goform/WriteFacMac file. Manipulating the mac argument can lead to command injection. The attack can be launched remotely. An exploit has been published and is available for use.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-5153

Affected Products

Tenda Ch22

PT-2026-29131 · Tenda · Tenda Ch22

CVE-2026-5153

Weakness Enumeration

Related Identifiers

Affected Products

References · 7