Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.
Technical ContextAI
The vulnerability exists in a network routing device's web interface firmware. The affected endpoint /goform/Natlimit handles Network Address Translation (NAT) limit configuration. The formNatlimit function fails to properly validate the length of the 'page' input parameter before copying it to a stack-allocated buffer (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, a classic stack buffer overflow). CPE mapping: cpe:2.3:o:tenda:ch22_firmware:1.0.0.1:*:*:*:*:*:*:*. The stack-based nature of this overflow allows attackers to overwrite the return address and achieve code execution. This is characteristic of embedded router firmware vulnerabilities where input validation is often minimal and memory protections (ASLR, stack canaries) may be absent.
More in Ch22 Firmware
View allTenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severi
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (C
Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpo
Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a
A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp
A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely explo
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is
A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp
A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exp
A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exp
A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable,
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17025