Tenda i12 1.0.0.11 HTTP Handler Path Traversal Remote
CVE-2026-5849 Published on April 9, 2026

Tenda i12 HTTP path traversal
A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

NVD

Timeline

2026-04-08

Advisory disclosed

2026-04-08

VulDB entry created

2026-04-08

VulDB entry last update

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2026-5849 has been classified to as a Directory traversal vulnerability or weakness.

Products Associated with CVE-2026-5849

Want to know whenever a new CVE is published for Tenda I12 Firmware? stack.watch will email you.

Tenda I12 Firmware

Affected Versions

Tenda i12 Version 1.0.0.11(3862) is affected by CVE-2026-5849

Tenda i12 1.0.0.11 HTTP Handler Path Traversal RemoteCVE-2026-5849 Published on April 9, 2026

Timeline

Weakness Type

What is a Directory traversal Vulnerability?

Products Associated with CVE-2026-5849

Affected Versions

Tenda i12 1.0.0.11 HTTP Handler Path Traversal Remote
CVE-2026-5849 Published on April 9, 2026