Tenda CH22
CVE-2025-12235
HIGH
Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
AnalysisAI
Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability exists in the fromSetIpBind function accessible via /goform/SetIpBind endpoint when processing the 'page' parameter. A public proof-of-concept exploit has been published on GitHub, lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.
Technical ContextAI
This vulnerability affects the fromSetIpBind function in Tenda CH22 router firmware version 1.0.0.1, accessible through the /goform/SetIpBind web interface endpoint. The root cause is CWE-119 (Improper Restriction on Operations within the Bounds of a Memory Buffer), specifically a classic buffer overflow condition when the router processes the 'page' parameter without proper bounds checking. When oversized input is provided to this parameter, it overwrites adjacent memory regions, enabling control of program execution flow. This type of vulnerability is common in embedded device firmware written in memory-unsafe languages like C, particularly in older router models where input validation on web management interfaces may be insufficient. The affected product is a Tenda wireless router, and the vulnerable code resides in the IP binding configuration functionality, which typically allows administrators to map MAC addresses to static IP assignments.
RemediationAI
No vendor-released patch or updated firmware version has been identified in available data sources at time of analysis. Until Tenda releases firmware updates, implement these compensating controls: (1) Restrict access to the router's web management interface to trusted administrator IP addresses only using firewall rules or access control lists - this prevents exploitation from guest networks or compromised IoT devices on the same LAN segment; (2) Change default administrative credentials to strong unique passwords to raise the authentication barrier (PR:L requirement); (3) Disable remote management features and ensure management interface is only accessible from trusted wired connections, not wireless networks; (4) Segment the network so that guest/IoT devices cannot reach the router management interface on adjacent network segments; (5) Monitor router logs for unusual access patterns to /goform/SetIpBind endpoint. Note that access restrictions may impact legitimate remote administration workflows. Organizations with high-risk exposure should consider replacing affected devices with alternative router models that receive active security updates, as Tenda's patch release timeline is unknown. Check https://www.tenda.com.cn/ periodically for firmware updates.
More in Ch22 Firmware
View allTenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severi
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (C
Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpo
Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatl
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a
A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp
A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely explo
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is
A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp
A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp
A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exp
A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable,
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today