CVE-2026-5153
HIGH WAF: High
CVSS 8.8
Published: 2026-03-30
CWE-77 CWE-77
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tenda | ch22_firmware | 1.0.0.1 |
References
- github.com (Exploit, Third Party Advisory)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Permissions Required, VDB Entry)
- www.tenda.com.cn (Product)