CVE-2025-13288: Improper Restriction of Operations within the Bounds of a Memory Buffer in Ch22

Severity: 7.4 HIGH (NVD)
EPSS: 0.2% (top 56.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 17

Description

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. Manipulation of the argument delno leads to a buffer overflow. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: tenda/ch22 1.0.0.1
NVD: tenda/ch22_firmware 1.0.0.1

🔴 Vulnerability Details (2)

CVEList: Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow (2025-11-17)
GHSA: GHSA-74f2-85r7-qp2c: A security vulnerability has been detected in Tenda CH22 1 (2025-11-17)

🔍 Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Tenda PPTPUserSetting delno Parameter Buffer Overflow Attempt (CVE-2025-13288) (2025-11-17)
CVE-2025-13288 — Tenda Ch22 vulnerability | cvebase