Skip to main content

Tenda CH22 CVE-2025-12235

HIGH
Buffer Overflow (CWE-119)
2025-10-27 cna@vuldb.com
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 01:16 vuln.today

DescriptionCVE.org

A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.

AnalysisAI

Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability exists in the fromSetIpBind function accessible via /goform/SetIpBind endpoint when processing the 'page' parameter. A public proof-of-concept exploit has been published on GitHub, lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.

Technical ContextAI

This vulnerability affects the fromSetIpBind function in Tenda CH22 router firmware version 1.0.0.1, accessible through the /goform/SetIpBind web interface endpoint. The root cause is CWE-119 (Improper Restriction on Operations within the Bounds of a Memory Buffer), specifically a classic buffer overflow condition when the router processes the 'page' parameter without proper bounds checking. When oversized input is provided to this parameter, it overwrites adjacent memory regions, enabling control of program execution flow. This type of vulnerability is common in embedded device firmware written in memory-unsafe languages like C, particularly in older router models where input validation on web management interfaces may be insufficient. The affected product is a Tenda wireless router, and the vulnerable code resides in the IP binding configuration functionality, which typically allows administrators to map MAC addresses to static IP assignments.

RemediationAI

No vendor-released patch or updated firmware version has been identified in available data sources at time of analysis. Until Tenda releases firmware updates, implement these compensating controls: (1) Restrict access to the router's web management interface to trusted administrator IP addresses only using firewall rules or access control lists - this prevents exploitation from guest networks or compromised IoT devices on the same LAN segment; (2) Change default administrative credentials to strong unique passwords to raise the authentication barrier (PR:L requirement); (3) Disable remote management features and ensure management interface is only accessible from trusted wired connections, not wireless networks; (4) Segment the network so that guest/IoT devices cannot reach the router management interface on adjacent network segments; (5) Monitor router logs for unusual access patterns to /goform/SetIpBind endpoint. Note that access restrictions may impact legitimate remote administration workflows. Organizations with high-risk exposure should consider replacing affected devices with alternative router models that receive active security updates, as Tenda's patch release timeline is unknown. Check https://www.tenda.com.cn/ periodically for firmware updates.

CVE-2024-46045 CRITICAL POC
9.8 Sep 13

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severi

CVE-2024-46044 CRITICAL POC
9.8 Sep 13

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (C

CVE-2025-5619 HIGH POC
8.8 Jun 04

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpo

CVE-2025-5685 HIGH POC
8.8 Jun 05

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatl

CVE-2025-15076 MEDIUM POC
5.5 Dec 25

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a

CVE-2025-9812 HIGH
7.4 Sep 02

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp

CVE-2025-13400 HIGH POC
7.4 Nov 19

A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely explo

CVE-2025-13288 HIGH POC
7.4 Nov 17

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is

CVE-2025-11117 HIGH POC
7.4 Sep 28

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp

CVE-2025-9813 HIGH
7.4 Sep 02

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp

CVE-2025-9748 HIGH POC
8.7 Aug 31

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exp

CVE-2025-9443 HIGH POC
7.4 Aug 26

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable,

Share

CVE-2025-12235 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy