Tenda Ch22 Firmware vulnerabilities

CVE-2025-12234 [HIGH] CWE-119 CVE-2025-12234: A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-11423 [HIGH] CWE-119 CVE-2025-11423: A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of th A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVE-2025-11418 [HIGH] CWE-119 CVE-2025-11418: A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the funct A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mit_ssid_index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed pub

CVE-2025-11117 [HIGH] CWE-119 CVE-2025-11117: A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWr A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-9812 [HIGH] CWE-119 CVE-2025-9812: A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formex A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVE-2025-9813 [HIGH] CWE-119 CVE-2025-9813: A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaCo A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2025-9748 [HIGH] CWE-119 CVE-2025-9748: A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIps A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.

CVE-2025-9443 [HIGH] CWE-119 CVE-2025-9443: A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserNam A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2025-9007 [HIGH] CWE-119 CVE-2025-9007: A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formedi A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-9006 [HIGH] CWE-119 CVE-2025-9006: A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8180 [HIGH] CWE-119 CVE-2025-8180: A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file /goform/deleteUserName. The manipulation of the argument old_account leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5685 [HIGH] CWE-119 CVE-2025-5685: A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5619 [HIGH] CWE-119 CVE-2025-5619: A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-46045 [CRITICAL] CWE-787 CVE-2024-46045: Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.

CVE-2024-46044 [CRITICAL] CWE-787 CVE-2024-46044: CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.