Description
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Published: 2026-03-30
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Exploitation
Action: Apply Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the fromSetCfm function of Tenda CH22 firmware versions 1.0.0.1 and 1.If. By manipulating the funcname argument sent to the /goform/setcfm endpoint, an attacker can overflow a stack buffer and potentially execute arbitrary code. This flaw enables a full compromise of the device, providing the attacker with unrestricted access to the router and any connected network.

Affected Systems

The vulnerability affects Tenda CH22 routers running firmware 1.0.0.1 or 1.If. Any device without an update to a newer firmware release is vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, and the flaw is not listed in the CISA KEV catalog. EPSS information is not available, but the flaw is publicly disclosed and can be exploited remotely. The likely attack vector is an unauthenticated HTTP request to the /goform/setcfm endpoint; attackers can trigger the overflow from any network point that can reach the router. Successful exploitation could lead to arbitrary code execution, device takeover, and lateral movement within the network.

Generated by OpenCVE AI on March 31, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that fixes the overflow vulnerability.
  • If no update is immediately available, block external access to the /goform/setcfm interface using firewall rules or router ACLs.
  • Monitor the router for abnormal traffic or errors on the /goform/setcfm endpoint and investigate any suspicious activity promptly.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ch22
Vendors & Products Tenda ch22

Tue, 31 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Title Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow
First Time appeared Tenda
Tenda ch22 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ch22_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ch22 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-31T13:32:22.799Z

Reserved: 2026-03-30T13:33:09.607Z

Link: CVE-2026-5154

Vulnrichment

Updated: 2026-03-31T13:32:15.841Z

NVD

Status: Received

Published: 2026-03-30T23:17:04.830

Modified: 2026-03-30T23:17:04.830

Link: CVE-2026-5154

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:49Z

Weaknesses