{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5156/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5156"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-5156","buffer-overflow","tenda","router"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability has been identified in Tenda CH22 router version 1.0.0.1. The vulnerability resides within the \u003ccode\u003eformQuickIndex\u003c/code\u003e function of the \u003ccode\u003e/goform/QuickIndex\u003c/code\u003e file, which is a component of the Parameter Handler. This flaw can be triggered by manipulating the \u003ccode\u003emit_linktype\u003c/code\u003e argument, leading to a buffer overflow on the stack. The vulnerability is remotely exploitable, meaning an attacker can trigger the flaw over the network without needing local access to the device. The existence of a public exploit further increases the risk of potential exploitation by malicious actors. Successful exploitation could allow an attacker to execute arbitrary code on the device.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Tenda CH22 router running firmware version 1.0.0.1 exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/goform/QuickIndex\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes the \u003ccode\u003emit_linktype\u003c/code\u003e argument with a payload exceeding the expected buffer size.\u003c/li\u003e\n\u003cli\u003eThe Tenda CH22 router processes the HTTP request and passes the \u003ccode\u003emit_linktype\u003c/code\u003e argument to the \u003ccode\u003eformQuickIndex\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eformQuickIndex\u003c/code\u003e function copies the attacker-controlled \u003ccode\u003emit_linktype\u003c/code\u003e data into a fixed-size buffer on the stack without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eDue to the oversized payload, the copy operation overflows the buffer, overwriting adjacent memory on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eformQuickIndex\u003c/code\u003e function completes and attempts to return to the caller function.\u003c/li\u003e\n\u003cli\u003eDue to the overwritten return address, control is redirected to attacker-controlled code, enabling arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the Tenda CH22 router. This can lead to a variety of malicious outcomes, including complete device compromise, denial of service, and the potential to use the router as a launchpad for further attacks on the local network or the internet. Given that routers are often used in both home and small business environments, a successful attack could affect a wide range of users and organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/goform/QuickIndex\u003c/code\u003e with unusually long \u003ccode\u003emit_linktype\u003c/code\u003e parameters to detect potential exploitation attempts. Implement the Sigma rule \u003ccode\u003eDetect Tenda CH22 mit_linktype Buffer Overflow Attempt\u003c/code\u003e against web server logs.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on the \u003ccode\u003e/goform/QuickIndex\u003c/code\u003e endpoint to mitigate potential denial-of-service attacks stemming from exploitation.\u003c/li\u003e\n\u003cli\u003eSince the source material identifies CWE-119 and CWE-121 as root causes, review code practices related to buffer handling and implement stricter input validation procedures.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T00:16:15Z","date_published":"2026-03-31T00:16:15Z","id":"/briefs/2026-03-tenda-ch22-overflow/","summary":"A stack-based buffer overflow vulnerability exists in Tenda CH22 1.0.0.1 via manipulation of the `mit_linktype` argument in the `/goform/QuickIndex` endpoint, potentially enabling remote code execution.","title":"Tenda CH22 Router Stack-Based Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-tenda-ch22-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5156","version":"https://jsonfeed.org/version/1.1"}