Ch22
Monthly
Buffer overflow in the Tenda CH22 router (firmware 1.0.0.1) allows a remote, authenticated attacker to corrupt memory by supplying an overlong 'Name' argument to the formCertListInfo function in the /goform/CertListInfo endpoint. The flaw was disclosed by VulDB with publicly available exploit code, and the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact. No public exploit identified in CISA KEV, so this is a proof-of-concept-stage issue rather than confirmed in-the-wild abuse.
Buffer overflow in the Tenda CH22 router (firmware 1.0.0.1) allows a remote, authenticated attacker to corrupt memory by supplying an overlong 'Name' argument to the formCertListInfo function in the /goform/CertListInfo endpoint. The flaw was disclosed by VulDB with publicly available exploit code, and the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact. No public exploit identified in CISA KEV, so this is a proof-of-concept-stage issue rather than confirmed in-the-wild abuse.