Skip to main content

Ch22 Firmware

15 CVEs product

Monthly

CVE-2025-15076 MEDIUM POC This Month

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Tenda Path Traversal Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13400 HIGH POC This Month

A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13288 HIGH POC This Month

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-12235 HIGH POC This Week

Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability exists in the fromSetIpBind function accessible via /goform/SetIpBind endpoint when processing the 'page' parameter. A public proof-of-concept exploit has been published on GitHub, lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.2%
CVE-2025-11117 HIGH POC This Month

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-9813 HIGH This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-9812 HIGH This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-9748 HIGH POC This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-9443 HIGH POC This Month

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-9007 HIGH POC This Month

A vulnerability has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9006 HIGH POC This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-5685 HIGH POC This Week

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.

Buffer Overflow Ch22 Firmware Tenda RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-5619 HIGH POC This Week

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpoint's Password parameter handling. An authenticated remote attacker can exploit this flaw to achieve complete system compromise including unauthorized access, data modification, and denial of service. Public exploit code has been disclosed and the vulnerability is actionable with low attack complexity, making it a high-priority threat.

Buffer Overflow Ch22 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46045 CRITICAL POC Act Now

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ch22 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46044 CRITICAL POC Act Now

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ch22 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Tenda Path Traversal Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability exists in the fromSetIpBind function accessible via /goform/SetIpBind endpoint when processing the 'page' parameter. A public proof-of-concept exploit has been published on GitHub, lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.

Buffer Overflow Ch22 Firmware Tenda +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpoint's Password parameter handling. An authenticated remote attacker can exploit this flaw to achieve complete system compromise including unauthorized access, data modification, and denial of service. Public exploit code has been disclosed and the vulnerability is actionable with low attack complexity, making it a high-priority threat.

Buffer Overflow Ch22 Firmware Tenda
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ch22 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy