CVE-2026-5153 identifies a command injection vulnerability in the Tenda CH22 router, specifically in firmware version 1.0.0.1. The vulnerability resides in the FormWriteFacMac function, which processes input from the /goform/WriteFacMac endpoint. The 'mac' argument is not properly sanitized, allowing an attacker to inject and execute arbitrary system commands remotely. This flaw can be exploited without requiring authentication or user interaction, increasing the risk of remote compromise. The vulnerability affects the device's integrity and availability by potentially allowing attackers to execute malicious commands, alter device configurations, or disrupt network operations. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L, indicating low privileges but some level of access), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although no patches or official fixes have been released, the exploit code has been published, increasing the risk of exploitation. The vulnerability is categorized as medium severity due to the partial impact and the requirement of some privilege level, but the remote exploitability and lack of user interaction make it a significant concern for affected users.

The primary impact of CVE-2026-5153 is the potential for remote attackers to execute arbitrary commands on affected Tenda CH22 routers, leading to unauthorized control over the device. This can result in compromised device integrity, unauthorized configuration changes, and potential denial of service if critical system functions are disrupted. For organizations, this could mean network outages, interception or manipulation of network traffic, and use of compromised routers as pivot points for further attacks within internal networks. The medium CVSS score reflects moderate impact, but the ease of remote exploitation without user interaction or authentication elevates the risk. Enterprises relying on Tenda CH22 devices in their network infrastructure could face operational disruptions and increased exposure to lateral movement by attackers. The absence of patches and the public availability of exploit code further increase the urgency to address this vulnerability.

1. Immediately isolate affected Tenda CH22 devices from critical network segments to reduce exposure. 2. Monitor network traffic for unusual activity or unauthorized access attempts targeting the /goform/WriteFacMac endpoint. 3. Implement network-level access controls such as firewall rules to restrict access to the router management interface from untrusted networks. 4. Disable remote management features if not required, or restrict management access to trusted IP addresses only. 5. Regularly audit router configurations and logs for signs of compromise or unauthorized command execution. 6. Engage with Tenda support or vendor channels to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 7. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting known exploit patterns for this vulnerability. 8. As a longer-term measure, evaluate the use of alternative network devices with stronger security postures if patches are delayed or unavailable.