Tenda CH22 public path traversal

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Problem type

Path Traversal

Affected products

Tenda

CH22

1.0.0.1 - AFFECTED

References

VDB-338333 | Tenda CH22 public path traversal

https://vuldb.com/?id.338333

vdb-entry

VDB-338333 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.338333

signaturepermissions-required

Submit #721411 | Tenda CH22 V1.0.0.1 Authentication Bypass Issues

https://vuldb.com/?submit.721411

third-party-advisory

github.com

https://github.com/master-abc/cve/blob/main/Tenda%20CH22%20V1.0.0.1%20Router%20Authentication%20Bypass%20Vulnerability%20in%20R7WebsSecurityHandler%20function.md

exploit

tenda.com.cn

https://www.tenda.com.cn/

product

GitHub Security Advisories

GHSA-rf7c-qh7c-23vw

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file...

https://github.com/advisories/GHSA-rf7c-qh7c-23vw

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-15076

github.com

https://github.com/master-abc/cve/blob/main/Tenda%20CH22%20V1.0.0.1%20Router%20Authentication%20Bypass%20Vulnerability%20in%20R7WebsSecurityHandler%20function.md

vuldb.com

https://vuldb.com/?ctiid.338333

vuldb.com

https://vuldb.com/?id.338333

vuldb.com

https://vuldb.com/?submit.721411

tenda.com.cn

https://www.tenda.com.cn

github.com

https://github.com/advisories/GHSA-rf7c-qh7c-23vw

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-15076

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-15076",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2025-12-26T16:33:52.331Z",
    "dateReserved": "2025-12-24T16:54:32.752Z",
    "datePublished": "2025-12-25T03:32:06.775Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2025-12-25T03:32:06.775Z"
      },
      "title": "Tenda CH22 public path traversal",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be exploited."
        }
      ],
      "affected": [
        {
          "vendor": "Tenda",
          "product": "CH22",
          "versions": [
            {
              "version": "1.0.0.1",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Path Traversal",
              "cweId": "CWE-22",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.338333",
          "name": "VDB-338333 | Tenda CH22 public path traversal",
          "tags": [
            "vdb-entry"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.338333",
          "name": "VDB-338333 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.721411",
          "name": "Submit #721411 | Tenda CH22 V1.0.0.1 Authentication Bypass Issues",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/master-abc/cve/blob/main/Tenda%20CH22%20V1.0.0.1%20Router%20Authentication%20Bypass%20Vulnerability%20in%20R7WebsSecurityHandler%20function.md",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.tenda.com.cn/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-12-24T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2025-12-24T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2025-12-24T17:59:38.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jiefengliang (VulDB User)",
          "type": "reporter"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-26T16:33:52.331Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}