<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CH22 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/ch22/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 23 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/ch22/feed.xml" rel="self" type="application/rss+xml"/><item><title>Tenda CH22 Path Traversal Vulnerability (CVE-2026-5962)</title><link>https://feed.craftedsignal.io/briefs/2024-01-23-tenda-path-traversal/</link><pubDate>Tue, 23 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-23-tenda-path-traversal/</guid><description>A path traversal vulnerability exists in Tenda CH22 version 1.0.0.6(468), affecting the R7WebsSecurityHandler function within the httpd component, allowing remote attackers to access sensitive files.</description><content:encoded><![CDATA[<p>CVE-2026-5962 describes a path traversal vulnerability in Tenda CH22 router firmware version 1.0.0.6(468). The vulnerability resides within the <code>R7WebsSecurityHandler</code> function of the <code>httpd</code> component. This allows an unauthenticated, remote attacker to potentially read sensitive files on the device by manipulating the file paths in HTTP requests. The vulnerability was reported in April 2026, and public exploits are available, increasing the risk of exploitation. Routers are often exposed directly to the internet, making them prime targets for attackers looking to gain unauthorized access to internal networks or sensitive data.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a Tenda CH22 router running firmware version 1.0.0.6(468) accessible over the network.</li>
<li>The attacker crafts a malicious HTTP GET or POST request targeting the <code>httpd</code> service.</li>
<li>The request includes a manipulated URL containing path traversal sequences (e.g., <code>../</code>) within a filename parameter.</li>
<li>The <code>R7WebsSecurityHandler</code> function fails to properly sanitize the supplied path.</li>
<li>The <code>httpd</code> service processes the request and attempts to access the file specified by the attacker-controlled path.</li>
<li>Due to the path traversal vulnerability, the service accesses files outside the intended web directory.</li>
<li>The contents of the accessed file are returned in the HTTP response to the attacker.</li>
<li>The attacker obtains sensitive information, such as configuration files, credentials, or other system data.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this path traversal vulnerability allows an attacker to read arbitrary files on the Tenda CH22 router. This can lead to the disclosure of sensitive information such as router configuration details, Wi-Fi passwords, or credentials for other services. This information can be used for further attacks, such as gaining unauthorized access to the network behind the router, or using the router as a foothold for lateral movement. The number of affected devices and users is currently unknown.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor web server logs for suspicious URL requests containing path traversal sequences like <code>../</code> targeting Tenda CH22 devices based on the <code>webserver</code> category rule provided below.</li>
<li>Implement a web application firewall (WAF) rule to block requests containing path traversal attempts to mitigate the vulnerability as it exploits the <code>httpd</code> component.</li>
<li>Apply any available patches or firmware updates from Tenda to address CVE-2026-5962, if available.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>cve-2026-5962</category><category>path-traversal</category><category>tenda</category><category>router</category></item></channel></rss>