Yuan253

**Name of the Vulnerable Software and Affected Versions** Tenda CH22 version 1.0.0.1 **Description** A security issue has been identified in the Tenda CH22 router. The issue is related to a buffer overflow within the `fromPptpUserSetting` function, located in the `/goform/PPTPUserSetting` API endpoint. Manipulation of the `delno` argument can trigger this overflow, potentially allowing for remote code execution. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.