CVE-2025-15076 identifies a path traversal vulnerability in the Tenda CH22 router firmware version 1.0.0.1. The vulnerability arises from insufficient validation of user-supplied input in an unspecified function related to the /public/ directory, allowing an attacker to traverse directories and access files outside the intended directory scope. This can be exploited remotely without any authentication or user interaction, making it highly accessible to attackers. The path traversal flaw can lead to unauthorized disclosure of sensitive files, potential modification of configuration files, or disruption of device functionality, impacting confidentiality, integrity, and availability. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although no exploits have been observed in the wild, public availability of exploit code increases the likelihood of attacks. The lack of a patch or official mitigation guidance from Tenda at this time necessitates immediate defensive measures by users. Given the device’s role in network infrastructure, exploitation could facilitate lateral movement or data exfiltration within affected networks.

For European organizations, this vulnerability poses a moderate risk primarily due to the widespread use of Tenda networking devices in small to medium enterprises and residential environments. Exploitation could lead to unauthorized access to sensitive configuration files or user data stored on the device, potentially enabling attackers to pivot into internal networks or disrupt network availability. Critical sectors such as telecommunications, manufacturing, and public administration that rely on Tenda CH22 for network connectivity may face operational disruptions or data breaches. The remote and unauthenticated nature of the exploit increases the attack surface, especially for organizations with exposed management interfaces or insufficient network segmentation. While the impact is medium severity, the presence of public exploit code elevates the urgency for mitigation to prevent exploitation attempts that could lead to broader compromise or espionage activities targeting European entities.

1. Immediately isolate Tenda CH22 devices from direct internet exposure by placing them behind firewalls or VPNs to restrict remote access. 2. Disable any unnecessary services or interfaces, particularly those exposing the /public/ directory or management portals. 3. Implement strict network segmentation to limit lateral movement if a device is compromised. 4. Monitor network traffic and device logs for unusual access patterns or attempts to exploit path traversal. 5. Regularly audit device configurations and firmware versions to identify vulnerable units. 6. Engage with Tenda support channels to obtain any forthcoming patches or official mitigation advice. 7. Where possible, replace vulnerable devices with updated models or alternative vendors that have addressed this vulnerability. 8. Educate IT staff on the risks of path traversal vulnerabilities and ensure incident response plans include scenarios involving network device compromise.