CVE-2025-11117

CWE-119Buffer OverflowCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGH
EPSS
0.3%
top 50.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ch22Tenda Ch22 Firmware
Timeline
PublishedSep 28

Description

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ch221.0.0.1
NVDtenda/ch22_firmware1.0.0.1

🔴Vulnerability Details

2
GHSA
GHSA-4rg9-p5q3-hvv2: A vulnerability was determined in Tenda CH22 12025-09-28
CVEList
Tenda CH22 GstDhcpSetSer formWrlExtraGet buffer overflow2025-09-28
CVE-2025-11117 (HIGH CVSS 7.4) | A vulnerability was determined in T | cvebase.io