Sign-up

ID

VAR-202604-3232


CVE

CVE-2026-7036


TITLE

Shenzhen Tenda Technology Co.,Ltd. of i9  Path traversal vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759

DESCRIPTION

A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-7036 // JVNDB: JVNDB-2026-013759

AFFECTED PRODUCTS

vendor:tendamodel:i9scope:eqversion:1.0.0.5\(2204\)

Trust: 1.0

vendor:tendamodel:i9scope:eqversion:i9 firmware 1.0.0.5¥(2204¥)

Trust: 0.8

vendor:tendamodel:i9scope:eqversion: -

Trust: 0.8

vendor:tendamodel:i9scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759 // NVD: CVE-2026-7036

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-7036
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-7036
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-013759
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-7036
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013759
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-7036
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-7036
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-013759
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759 // NVD: CVE-2026-7036 // NVD: CVE-2026-7036

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759 // NVD: CVE-2026-7036

PATCH

title://vuldb.com/vuln/359616url:https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_80/README.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759

EXTERNAL IDS

db:NVDid:CVE-2026-7036

Trust: 2.6

db:JVNDBid:JVNDB-2026-013759

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759 // NVD: CVE-2026-7036

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/submit/798479

Trust: 1.0

url:https://github.com/litengzheng/vuldb_new/blob/main/m3/vul_80/readme.md

Trust: 1.0

url:https://vuldb.com/vuln/359616/cti

Trust: 1.0

url:https://vuldb.com/vuln/359616

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-7036

Trust: 0.8

sources: JVNDB: JVNDB-2026-013759 // NVD: CVE-2026-7036

SOURCES

db:JVNDBid:JVNDB-2026-013759
db:NVDid:CVE-2026-7036

LAST UPDATE DATE

2026-06-19T23:48:54.496000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013759date:2026-05-01T01:41:00
db:NVDid:CVE-2026-7036date:2026-04-30T14:10:26.873

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013759date:2026-05-01T00:00:00
db:NVDid:CVE-2026-7036date:2026-04-26T12:16:22.987