Skip to main content

Ch22 Firmware CVE-2025-5685

| EUVDEUVD-2025-17025 HIGH
Buffer Overflow (CWE-119)
2025-06-05 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2025-17025
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
PoC Detected
Jun 10, 2025 - 15:01 vuln.today
Public exploit code
CVE Published
Jun 05, 2025 - 20:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.

Technical ContextAI

The vulnerability exists in a network routing device's web interface firmware. The affected endpoint /goform/Natlimit handles Network Address Translation (NAT) limit configuration. The formNatlimit function fails to properly validate the length of the 'page' input parameter before copying it to a stack-allocated buffer (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, a classic stack buffer overflow). CPE mapping: cpe:2.3:o:tenda:ch22_firmware:1.0.0.1:*:*:*:*:*:*:*. The stack-based nature of this overflow allows attackers to overwrite the return address and achieve code execution. This is characteristic of embedded router firmware vulnerabilities where input validation is often minimal and memory protections (ASLR, stack canaries) may be absent.

CVE-2024-46045 CRITICAL POC
9.8 Sep 13

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severi

CVE-2024-46044 CRITICAL POC
9.8 Sep 13

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (C

CVE-2025-5619 HIGH POC
8.8 Jun 04

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpo

CVE-2025-12235 HIGH POC
7.3 Oct 27

Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute

CVE-2025-15076 MEDIUM POC
5.5 Dec 25

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a

CVE-2025-9812 HIGH
7.4 Sep 02

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp

CVE-2025-13400 HIGH POC
7.4 Nov 19

A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely explo

CVE-2025-13288 HIGH POC
7.4 Nov 17

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is

CVE-2025-11117 HIGH POC
7.4 Sep 28

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp

CVE-2025-9813 HIGH
7.4 Sep 02

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp

CVE-2025-9748 HIGH POC
8.7 Aug 31

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exp

CVE-2025-9443 HIGH POC
7.4 Aug 26

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable,

Share

CVE-2025-5685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy