Severity
8.9 HIGH
EPSS
0.9%
top 24.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 8

Description

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. Manipulation of the argument mit_ssid_index leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

NVD: tenda/ch22_firmware 1.0.0.1
CVEListV5: tenda/ch22 1.0.0.0, 1.0.0.1 +1

🔴 Vulnerability Details (2)

GHSA
GHSA-m8w6-47jc-f78c: A security vulnerability has been detected in Tenda CH22 up to 1 - 2025-10-08
CVEList
Tenda CH22 HTTP Request AdvSetWrlsafeset formWrlsafeset stack-based overflow - 2025-10-08

🔍 Detection Rules (1)

Suricata
ET WEB_SPECIFIC_APPS Tenda AdvSetWrlsafeset mit_ssid_index Parameter Buffer Overflow Attempt (CVE-2025-11418) - 2025-10-08
CVE-2025-11418 (HIGH CVSS 8.9) | A security vulnerability has been d | cvebase.io