CVE-2025-9812Improper Restriction of Operations within the Bounds of a Memory Buffer in Ch22

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow2 documents2 sources
Severity
7.4HIGHNVD
EPSS
0.3%
top 51.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ch22Tenda Ch22 Firmware
Timeline
PublishedSep 2

Description

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ch221.0.0.1
NVDtenda/ch22_firmware1.0.0.1

🔴Vulnerability Details

1
CVEList
Tenda CH22 exeCommand formexeCommand buffer overflow2025-09-02
CVE-2025-9812 — Tenda Ch22 vulnerability | cvebase