CVE-2026-5604 - Vulnerability Details

- Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow

Description

A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Published: 2026-04-05

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a stack-based buffer overflow in the formCertLocalPrecreate function of the Parameter Handler module in Tenda CH22 firmware. By manipulating the standard argument of the /goform/CertLocalPrecreate endpoint, an attacker can trigger the overrun and achieve arbitrary code execution on the device. The flaw permits remote exploitation, allowing a threat actor to target the router from outside the local network without authentication.

Affected Systems

This issue affects the Tenda CH22 router running firmware version 1.0.0.1. The vulnerability resides in the Parameter Handler component’s web interface, exposed through the /goform/CertLocalPrecreate URI. No other firmware releases are listed as impacted.

Risk and Exploitability

The CVSS base score of 8.7 indicates high severity. The exploit has been publicly released and may be used by attackers, though the EPSS score is not available and the vulnerability is not currently listed in CISA’s KEV catalog. Exploitation requires network connectivity to the device’s web management interface; once the buffer overflow is triggered, an attacker can execute arbitrary code with system privileges on the router.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tenda

CH22

affected

Version	Status	Constraints
`1.0.0.1`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

Ch22

100%

Version	Status	Scheme	Platform
`1.0.0.1`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Obtain and install the latest firmware update for the Tenda CH22 from the vendor’s official website.
If a critical patch is not yet available, block external access to the /goform/CertLocalPrecreate endpoint using a firewall or router ACLs.
Verify that the router’s firmware is no longer the vulnerable 1.0.0.1 version and that the web management interface is protected with a strong password.
Monitor network traffic for suspicious activity to the /goform/CertLocalPrecreate path and set alerts for outbound connections from the device.

Generated by OpenCVE AI on April 6, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_52/README.md
https://vuldb.com/submit/785032
https://vuldb.com/vuln/355396
https://vuldb.com/vuln/355396/cti
https://www.tenda.com.cn/

History

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda ch22
Vendors & Products		Tenda ch22

Mon, 06 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sun, 05 Apr 2026 23:15:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Title		Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow
First Time appeared		Tenda Tenda ch22 Firmware
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:o:tenda:ch22_firmware::::::::
Vendors & Products		Tenda Tenda ch22 Firmware
References		https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_52/README.md https://vuldb.com/submit/785032 https://vuldb.com/vuln/355396 https://vuldb.com/vuln/355396/cti https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Tenda Ch22 Ch22 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-05T22:45:12.714Z

Updated: 2026-04-06T18:20:21.449Z

Reserved: 2026-04-05T13:59:53.852Z

Link: CVE-2026-5604

Vulnrichment

Updated: 2026-04-06T18:20:15.656Z

NVD

Status : Awaiting Analysis

Published: 2026-04-05T23:16:20.593

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5604

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:48:03Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object