EUVD-2025-16934

| CVE-2025-5619 HIGH
2025-06-04 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16934
PoC Detected
Jun 06, 2025 - 20:12 vuln.today
Public exploit code
CVE Published
Jun 04, 2025 - 23:15 nvd
HIGH 8.8

Tags

Buffer Overflow Ch22 Firmware Tenda

Description

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpoint's Password parameter handling. An authenticated remote attacker can exploit this flaw to achieve complete system compromise including unauthorized access, data modification, and denial of service. Public exploit code has been disclosed and the vulnerability is actionable with low attack complexity, making it a high-priority threat.

Technical Context

The vulnerability exists in the formaddUserName function within the /goform/addUserName HTTP endpoint of Tenda CH22 router firmware. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. User-supplied input from the Password parameter is not properly validated for length before being written to a fixed-size stack buffer, allowing an attacker to overwrite adjacent stack memory. This is a classic memory corruption vulnerability in embedded device firmware, common in router management interfaces written in C/C++ that lack modern memory safety protections. The CH22 is a residential networking device (CPE likely: tenda:ch22:*), making this vulnerability applicable to consumer and small-business network infrastructures.

Affected Products

Tenda CH22 (['1.0.0.1'])

Remediation

Primary Patch: Contact Tenda support or check Tenda's official website for firmware updates addressing CVE-2025-5619. Upgrade CH22 firmware to a patched version released after this CVE disclosure. (Tenda) Workaround - Network Segmentation: Restrict network access to the router's web management interface (/goform/*) to trusted administrative networks only. Disable remote management if not required. Use firewall rules to block external access to ports 80/443 on the router's management interface. (Network) Workaround - Access Control: Change default router credentials immediately. Disable any user accounts not actively in use. If supported, enforce strong password policies and implement account lockout mechanisms. (Device) Detection: Monitor for HTTP POST requests to /goform/addUserName with suspiciously long Password parameter values (>256 bytes). Log and alert on failed login attempts and unusual firmware activity. (IDS/IPS) Long-term: Plan device replacement if Tenda does not provide a timely security patch. Evaluate switching to routers with active security support and regular patching cadence. (Supply)

Priority Score

65
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +44
POC: +20

Share

EUVD-2025-16934 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy