ID

VAR-202604-2496


CVE

CVE-2026-5962


TITLE

Shenzhen Tenda Technology Co.,Ltd. of ch22  Path traversal vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804

DESCRIPTION

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The exploit has already been exposed and is at risk of being misused.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5962 // JVNDB: JVNDB-2026-013804

AFFECTED PRODUCTS

vendor:tendamodel:ch22scope:eqversion:1.0.0.6\(468\)

Trust: 1.0

vendor:tendamodel:ch22scope:eqversion:ch22 firmware 1.0.0.6¥(468¥)

Trust: 0.8

vendor:tendamodel:ch22scope: - version: -

Trust: 0.8

vendor:tendamodel:ch22scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804 // NVD: CVE-2026-5962

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-5962
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-5962
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-013804
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-5962
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013804
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-5962
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-5962
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-013804
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804 // NVD: CVE-2026-5962 // NVD: CVE-2026-5962

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804 // NVD: CVE-2026-5962

PATCH

title://vuldb.com/vuln/356515url:https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804

EXTERNAL IDS

db:NVDid:CVE-2026-5962

Trust: 2.6

db:JVNDBid:JVNDB-2026-013804

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804 // NVD: CVE-2026-5962

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/vuln/356515

Trust: 1.0

url:https://vuldb.com/submit/791277

Trust: 1.0

url:https://vuldb.com/vuln/356515/cti

Trust: 1.0

url:https://github.com/litengzheng/vuldb_new/blob/main/ch22/vul_55/readme.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-5962

Trust: 0.8

sources: JVNDB: JVNDB-2026-013804 // NVD: CVE-2026-5962

SOURCES

db:JVNDBid:JVNDB-2026-013804
db:NVDid:CVE-2026-5962

LAST UPDATE DATE

2026-06-19T23:40:13.519000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013804date:2026-05-01T01:43:00
db:NVDid:CVE-2026-5962date:2026-04-30T15:38:43.107

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013804date:2026-05-01T00:00:00
db:NVDid:CVE-2026-5962date:2026-04-09T17:16:35.037