CVE-2025-12235Improper Restriction of Operations within the Bounds of a Memory Buffer in Ch22

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.2%
top 62.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ch22Tenda Ch22 Firmware
Timeline
PublishedOct 27

Description

A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ch221.0.0.1
NVDtenda/ch22_firmware1.0.0.1

🔴Vulnerability Details

2
CVEList
Tenda CH22 SetIpBind fromSetIpBind buffer overflow2025-10-27
GHSA
GHSA-mrmh-4ppp-pg8c: A vulnerability was found in Tenda CH22 12025-10-27

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda SetIpBind page Parameter Buffer Overflow Attempt (CVE-2025-12235)2025-10-27
CVE-2025-12235 — Tenda Ch22 vulnerability | cvebase