Cyber Posture

CVE-2026-5153

Severity: Medium · Public PoC

Published: 30 March 2026

Modified: 02 April 2026
KEV Added: not listed
Patch: not listed
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0104 (77.5th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Manipulating the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: Requires validation of inputs like the 'mac' argument in /goform/WriteFacMac to neutralize special elements and prevent command injection.

prevent: Mandates identification, reporting, and correction of known flaws such as this command injection vulnerability through timely patching of the Tenda CH22 firmware.

detect: Vulnerability scanning identifies command injection flaws like CVE-2026-5153 in the FormWriteFacMac function during periodic assessments.

Security Summary [AI-generated]

CVE-2026-5153 is a command injection vulnerability affecting Tenda CH22 firmware version 1.0.0.1. The flaw exists in the FormWriteFacMac function of the /goform/WriteFacMac file, where manipulation of the mac argument enables arbitrary command execution. Published on 2026-03-30, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-74 (Improper Neutralization of Special Elements) and CWE-77 (Command Injection).

The vulnerability is remotely exploitable by an attacker holding low privileges and requires no user interaction. Successful exploitation yields command execution on the affected device; the CVSS vector rates the resulting impact on confidentiality, integrity, and availability as low.

Advisories referenced in VulDB (vuln/354185 and related pages) detail the issue and submission process, while a GitHub repository at Litengzheng/vuldb_new provides a published exploit for CH22 vul_60. The Tenda website is listed among references, though specific patch or mitigation guidance is not detailed in available sources.

Details

CWE(s): CWE-74 (Improper Neutralization of Special Elements), CWE-77 (Command Injection)

Affected Products: tenda ch22 firmware 1.0.0.1

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.008 Network Device CLI (tactic: Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

The CVE enables remote command injection through the device's public-facing web interface (T1190); the resulting arbitrary command execution on network device firmware is akin to Network Device CLI abuse (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
