CVE-2026-5152 identifies a stack-based buffer overflow vulnerability in the Tenda CH22 router firmware version 1.0.0.1. The flaw resides in the formCreateFileName function located in the /goform/createFileName endpoint, where improper handling of the fileNameMit argument allows an attacker to overflow the stack buffer. This vulnerability can be triggered remotely over the network without any authentication or user interaction, making it highly exploitable. The buffer overflow can lead to memory corruption, enabling an attacker to execute arbitrary code with elevated privileges on the device. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting its high impact on confidentiality, integrity, and availability. The exploit is publicly available, increasing the likelihood of exploitation by threat actors. No patches or official fixes have been linked yet, which leaves affected devices exposed. The vulnerability is critical for environments relying on Tenda CH22 routers, especially in enterprise or ISP deployments where device compromise could lead to broader network infiltration or denial of service. The lack of required authentication and user interaction further amplifies the risk, as attackers can launch attacks remotely and autonomously.

The exploitation of CVE-2026-5152 can have severe consequences for organizations using Tenda CH22 devices. Successful attacks may result in full device compromise, allowing attackers to execute arbitrary code, disrupt network services, or pivot to internal networks. This can lead to loss of confidentiality through data interception or manipulation, integrity breaches by altering device configurations or firmware, and availability issues due to device crashes or denial of service. The vulnerability's remote and unauthenticated nature means attackers can exploit it from anywhere, increasing the attack surface. Critical infrastructure, ISPs, and enterprises relying on these devices for network connectivity are particularly vulnerable. The public availability of exploit code raises the risk of widespread attacks, including automated scanning and exploitation campaigns. Additionally, compromised devices could be leveraged for botnets or lateral movement within networks, amplifying the threat impact.

1. Immediate mitigation should include isolating affected Tenda CH22 devices from untrusted networks to reduce exposure. 2. Monitor network traffic for unusual activity targeting the /goform/createFileName endpoint or suspicious payloads manipulating fileNameMit parameters. 3. Implement network-level filtering or intrusion prevention system (IPS) rules to detect and block exploitation attempts targeting this vulnerability. 4. Contact Tenda support or check official channels regularly for firmware updates or patches addressing CVE-2026-5152 and apply them promptly once available. 5. If patching is delayed, consider deploying compensating controls such as disabling remote management interfaces or restricting access to trusted IP addresses only. 6. Conduct thorough audits of affected devices to detect signs of compromise or unauthorized changes. 7. Educate network administrators about this vulnerability and ensure incident response plans include steps to handle potential exploitation. 8. Employ network segmentation to limit the impact of a compromised device on the broader network environment.