CVE-2026-5605
Remote Stack-Based Buffer Overflow in Tenda CH22 /goform/WrlExtraSet
Publication date: 2026-04-06
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ch22_firmware | 1.0.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5605 is a stack-based buffer overflow vulnerability found in the Tenda CH22 device, version 1.0.0.1. It exists in the function formWrlExtraSet within the file /goform/WrlExtraSet, specifically in the handling of the user-supplied parameter "GO".
The vulnerability occurs because the "GO" parameter is passed to a function that uses sprintf to copy it into a fixed-size stack buffer without validating the length of the input. This unchecked copying can overflow the buffer.
An attacker can exploit this by sending a specially crafted HTTP POST request with an excessively long "GO" parameter to the /goform/WrlExtraSet endpoint, causing the overflow.
This overflow can lead to denial of service or remote code execution on the device.
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to remotely execute arbitrary code on the affected Tenda CH22 device or cause it to crash, resulting in denial of service.
This means an attacker could potentially take control of the device, disrupt its normal operation, or use it as a foothold to attack other devices on the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted HTTP POST request to the endpoint /goform/WrlExtraSet with an excessively long "GO" parameter. Monitoring for such unusual POST requests or attempts to access this endpoint with large payloads can help identify exploitation attempts.
A practical detection method is to use curl or similar HTTP tools to test the endpoint with a large payload in the "GO" parameter and observe the device's response.
- curl -X POST http://<device-ip>/goform/WrlExtraSet -d "GO=$(python3 -c 'print("A"*1000)')"
- Monitor network traffic for POST requests to /goform/WrlExtraSet with unusually large "GO" parameters.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable device's management interface to trusted networks only, such as internal networks or VPNs.
Additionally, monitoring and blocking suspicious HTTP POST requests to /goform/WrlExtraSet with large payloads can help prevent exploitation.
Applying any available firmware updates from the vendor that address this vulnerability is strongly recommended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-5605 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.