Description

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Related CPE's

o

tenda

ch22_firmware

1.0.0.1

Vulnerable

h

tenda

ch22

-

References

https://github.com/maximdevere/CVE2/issues/5

ExploitIssue TrackingThird Party Advisory

https://github.com/maximdevere/CVE2/issues/5#issue-3673676260

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.335866

Permissions RequiredVDB Entry

https://vuldb.com/?id.335866

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.703035

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Product

Weaknesses

[email protected]

Primary
CWE-119CWE-120

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-11T17:15:55.660

1 week ago

Last modified

2025-12-19T14:41:24.493

4 hours ago