Tenda Ch22 Firmware vulnerabilities

CVE-2026-5156 [HIGH] CWE-119 CVE-2026-5156: A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of th A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized

CVE-2026-5204 [HIGH] CWE-119 CVE-2026-5204: A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-5152 [HIGH] CWE-119 CVE-2026-5152: A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of t A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2026-5155 [HIGH] CWE-119 CVE-2026-5155: A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

CVE-2026-5153 [MEDIUM] CWE-74 CVE-2026-5153: A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2025-15229 [MEDIUM] CWE-404 CVE-2025-15229: A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the fu A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-15076 [MEDIUM] CWE-22 CVE-2025-15076: A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /p A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2025-14526 [HIGH] CWE-119 CVE-2025-14526: A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

CVE-2025-13400 [HIGH] CWE-119 CVE-2025-13400: A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVE-2025-13288 [HIGH] CWE-119 CVE-2025-13288: A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptp A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-12233 [HIGH] CWE-119 CVE-2025-12233: A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilte A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

CVE-2025-12273 [HIGH] CWE-119 CVE-2025-12273: A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFil A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2025-12236 [HIGH] CWE-119 CVE-2025-12236: A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListCl A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CVE-2025-12274 [HIGH] CWE-119 CVE-2025-12274: A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE-2025-12235 [HIGH] CWE-119 CVE-2025-12235: A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBi A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.

CVE-2025-12272 [HIGH] CWE-119 CVE-2025-12272: A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVE-2025-12265 [HIGH] CWE-119 CVE-2025-12265: A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVir A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

CVE-2025-12322 [HIGH] CWE-119 CVE-2025-12322: A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSet A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2025-12271 [HIGH] CWE-119 CVE-2025-12271: A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of t A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

CVE-2025-12232 [HIGH] CWE-119 CVE-2025-12232: A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function f A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.