{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/ch22-1.0.0.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-15543"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CH22 1.0.0.1"],"_cs_severities":["critical"],"_cs_tags":["cve","vulnerability","buffer-overflow","remote-code-execution","network-device"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eA severe buffer overflow vulnerability, identified as CVE-2026-15543, has been discovered in the firmware of Tenda CH22 1.0.0.1 devices. This flaw specifically impacts the \u003ccode\u003eformCertListInfo\u003c/code\u003e function located within the \u003ccode\u003e/goform/CertListInfo\u003c/code\u003e file. By crafting a malicious input to the 'Name' argument, a remote attacker can trigger a buffer overflow, which can lead to arbitrary code execution on the vulnerable device. This vulnerability does not require authentication and can be exploited remotely, posing a significant risk to affected systems. The existence of a publicly available exploit escalates the urgency for immediate patching, as it significantly lowers the barrier for attackers to compromise these devices. Defenders must prioritize patching to prevent unauthorized control and potential network compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker identifies a Tenda CH22 1.0.0.1 device accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specially designed HTTP request targeting the \u003ccode\u003e/goform/CertListInfo\u003c/code\u003e endpoint on the vulnerable device.\u003c/li\u003e\n\u003cli\u003eThe request includes a malformed or excessively long value in the 'Name' argument, intended to exceed the allocated buffer size.\u003c/li\u003e\n\u003cli\u003eUpon processing this request, the \u003ccode\u003eformCertListInfo\u003c/code\u003e function attempts to handle the oversized 'Name' argument, resulting in a buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow corrupts adjacent memory, allowing the attacker to inject and execute arbitrary code on the device.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation grants the attacker full control over the compromised Tenda CH22 device, potentially enabling further network penetration or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15543 results in full remote code execution on the affected Tenda CH22 1.0.0.1 device. This allows attackers to gain complete control, potentially altering device configurations, installing malicious firmware, creating backdoors, or using the device as a pivot point for further attacks within the connected network. Given that the vulnerability is remotely exploitable and a public exploit is available, many devices could be at high risk of compromise by a wide range of threat actors. Organizations using Tenda CH22 devices must act swiftly to prevent unauthorized access and potential data breaches or service disruptions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Tenda CH22 devices to a version where CVE-2026-15543 is remediated.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual connections originating from or destined for Tenda CH22 devices, potentially indicating exploitation attempts for CVE-2026-15543.\u003c/li\u003e\n\u003cli\u003eIf patching is not immediately feasible, restrict network access to Tenda CH22 devices from untrusted networks to mitigate remote exploitation attempts for CVE-2026-15543.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T08:17:56Z","date_published":"2026-07-13T08:17:56Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-15543-tenda-rce/","summary":"A critical buffer overflow vulnerability, CVE-2026-15543, exists in the Tenda CH22 1.0.0.1 firmware's `formCertListInfo` function, allowing unauthenticated remote attackers to achieve arbitrary code execution by manipulating the 'Name' argument, with a public exploit available.","title":"Critical Buffer Overflow in Tenda CH22 Leads to Remote Code Execution (CVE-2026-15543)","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-15543-tenda-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - CH22 1.0.0.1","version":"https://jsonfeed.org/version/1.1"}