Tenda I22 Firmware vulnerabilities

CVE-2025-9297 [HIGH] CWE-119 CVE-2025-9297: A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInf A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

CVE-2024-10750 [HIGH] CWE-476 CVE-2024-10750: A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed t

CVE-2024-7583 [HIGH] CWE-120 CVE-2024-7583: A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This i A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NO

CVE-2024-7584 [HIGH] CWE-120 CVE-2024-7584: A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: Th

CVE-2024-7585 [HIGH] CWE-120 CVE-2024-7585: A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by th A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public

CVE-2024-7582 [HIGH] CWE-120 CVE-2024-7582: A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affe A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public

CVE-2024-4252 [HIGH] CWE-121 CVE-2024-4252: A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the f A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted e

CVE-2022-45665 [HIGH] CWE-120 CVE-2022-45665: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.

CVE-2022-45666 [HIGH] CWE-120 CVE-2022-45666: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the f Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.

CVE-2022-45671 [HIGH] CWE-120 CVE-2022-45671: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in th Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function.

CVE-2022-45670 [HIGH] CWE-120 CVE-2022-45670: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.

CVE-2022-45672 [HIGH] CWE-120 CVE-2022-45672: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet fun Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.

CVE-2022-45664 [HIGH] CWE-120 CVE-2022-45664: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the f Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.

CVE-2022-45669 [HIGH] CWE-120 CVE-2022-45669: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.

CVE-2022-45663 [HIGH] CWE-120 CVE-2022-45663: Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.

CVE-2022-45667 [MEDIUM] CWE-352 CVE-2022-45667: Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTool Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.

CVE-2022-45668 [MEDIUM] CWE-352 CVE-2022-45668: Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTool Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.