How to fix CVE-2025-5685?

Within 24 hours: Inventory all Tenda CH22 devices and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the vulnerable management interface and deploy WAF rules to block malicious requests to /goform/Natlimit. Within 30 days: Develop a device replacement plan; contact Tenda for patch availability and timeline or begin procurement of alternative router solutions.

Is Ch22 Firmware affected by CVE-2025-5685?

A critical remote code execution vulnerability affects Tenda CH22 routers with no available patch, allowing unauthenticated attackers to compromise network infrastructure.

CVE-2025-5685

EUVD-2025-17025 HIGH

2025-06-05 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-17025

PoC Detected

Jun 10, 2025 - 15:01 vuln.today

Public exploit code

CVE Published

Jun 05, 2025 - 20:15 nvd

HIGH 8.8

Description

A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.

Technical Context

The vulnerability exists in a network routing device's web interface firmware. The affected endpoint /goform/Natlimit handles Network Address Translation (NAT) limit configuration. The formNatlimit function fails to properly validate the length of the 'page' input parameter before copying it to a stack-allocated buffer (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, a classic stack buffer overflow). CPE mapping: cpe:2.3:o:tenda:ch22_firmware:1.0.0.1:*:*:*:*:*:*:*. The stack-based nature of this overflow allows attackers to overwrite the return address and achieve code execution. This is characteristic of embedded router firmware vulnerabilities where input validation is often minimal and memory protections (ASLR, stack canaries) may be absent.

Affected Products

Tenda CH22 (['1.0.0.1'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +44

POC: +20

CVE-2025-5685 vulnerability details – vuln.today

Back

CVE-2025-5685

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5685

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code