{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5962/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5962"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CH22"],"_cs_severities":["high"],"_cs_tags":["cve-2026-5962","path-traversal","tenda","router"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eCVE-2026-5962 describes a path traversal vulnerability in Tenda CH22 router firmware version 1.0.0.6(468). The vulnerability resides within the \u003ccode\u003eR7WebsSecurityHandler\u003c/code\u003e function of the \u003ccode\u003ehttpd\u003c/code\u003e component. This allows an unauthenticated, remote attacker to potentially read sensitive files on the device by manipulating the file paths in HTTP requests. The vulnerability was reported in April 2026, and public exploits are available, increasing the risk of exploitation. Routers are often exposed directly to the internet, making them prime targets for attackers looking to gain unauthorized access to internal networks or sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Tenda CH22 router running firmware version 1.0.0.6(468) accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET or POST request targeting the \u003ccode\u003ehttpd\u003c/code\u003e service.\u003c/li\u003e\n\u003cli\u003eThe request includes a manipulated URL containing path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e) within a filename parameter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eR7WebsSecurityHandler\u003c/code\u003e function fails to properly sanitize the supplied path.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ehttpd\u003c/code\u003e service processes the request and attempts to access the file specified by the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal vulnerability, the service accesses files outside the intended web directory.\u003c/li\u003e\n\u003cli\u003eThe contents of the accessed file are returned in the HTTP response to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains sensitive information, such as configuration files, credentials, or other system data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability allows an attacker to read arbitrary files on the Tenda CH22 router. This can lead to the disclosure of sensitive information such as router configuration details, Wi-Fi passwords, or credentials for other services. This information can be used for further attacks, such as gaining unauthorized access to the network behind the router, or using the router as a foothold for lateral movement. The number of affected devices and users is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious URL requests containing path traversal sequences like \u003ccode\u003e../\u003c/code\u003e targeting Tenda CH22 devices based on the \u003ccode\u003ewebserver\u003c/code\u003e category rule provided below.\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) rule to block requests containing path traversal attempts to mitigate the vulnerability as it exploits the \u003ccode\u003ehttpd\u003c/code\u003e component.\u003c/li\u003e\n\u003cli\u003eApply any available patches or firmware updates from Tenda to address CVE-2026-5962, if available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T12:00:00Z","date_published":"2024-01-23T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-23-tenda-path-traversal/","summary":"A path traversal vulnerability exists in Tenda CH22 version 1.0.0.6(468), affecting the R7WebsSecurityHandler function within the httpd component, allowing remote attackers to access sensitive files.","title":"Tenda CH22 Path Traversal Vulnerability (CVE-2026-5962)","url":"https://feed.craftedsignal.io/briefs/2024-01-23-tenda-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-5962","version":"https://jsonfeed.org/version/1.1"}