{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7036/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7036"}],"_cs_exploited":false,"_cs_products":["i9"],"_cs_severities":["high"],"_cs_tags":["cve-2026-7036","path-traversal","tenda","network"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eA path traversal vulnerability, identified as CVE-2026-7036, exists in Tenda i9 version 1.0.0.5(2204). Specifically, the vulnerability resides in the R7WebsSecurityHandlerfunction of the HTTP Handler component. This flaw allows a remote, unauthenticated attacker to potentially access sensitive files and directories on the affected device. The vulnerability was reported on 2026-04-26, and a public exploit is reportedly available, increasing the risk of exploitation. This poses a significant threat to organizations using the affected Tenda i9 router, as it could lead to unauthorized access to sensitive information or system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Tenda i9 router running firmware version 1.0.0.5(2204) accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the vulnerable R7WebsSecurityHandlerfunction.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a path traversal sequence (e.g., \u0026ldquo;../\u0026rdquo;) within the URL or request parameters.\u003c/li\u003e\n\u003cli\u003eThe Tenda i9 router processes the malicious request without proper sanitization of the path.\u003c/li\u003e\n\u003cli\u003eThe R7WebsSecurityHandlerfunction incorrectly interprets the path traversal sequence, allowing access to files or directories outside the intended web root.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive files, such as configuration files or system logs.\u003c/li\u003e\n\u003cli\u003eThe attacker may use the exposed information to further compromise the device or the network it is connected to.\u003c/li\u003e\n\u003cli\u003eThe attacker could potentially modify system files or execute commands, leading to full device compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7036 can lead to unauthorized access to sensitive files on the Tenda i9 router. This includes configuration files containing credentials, system logs, or other confidential data. An attacker could leverage this access to gain further control of the device, potentially leading to a complete system compromise. While the number of affected devices is currently unknown, given the widespread use of Tenda routers, the potential impact could be significant.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect HTTP requests containing path traversal sequences targeting web servers to detect exploitation attempts (Sigma rule: \u0026ldquo;Detect Tenda i9 Path Traversal Attempt\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eSince the source mentions a public exploit exists, prioritize patching or replacing vulnerable Tenda i9 routers to remediate CVE-2026-7036 immediately, if a patch becomes available.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual file access patterns or requests containing suspicious path traversal sequences.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests containing path traversal sequences.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-26T12:16:22Z","date_published":"2026-04-26T12:16:22Z","id":"/briefs/2026-04-tenda-path-traversal/","summary":"CVE-2026-7036 is a path traversal vulnerability affecting the R7WebsSecurityHandlerfunction in the HTTP Handler component of Tenda i9 version 1.0.0.5(2204), allowing remote attackers to access sensitive files.","title":"Tenda i9 Path Traversal Vulnerability (CVE-2026-7036)","url":"https://feed.craftedsignal.io/briefs/2026-04-tenda-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-7036","version":"https://jsonfeed.org/version/1.1"}