PT-2025-30962 · Tenda · Tenda Ch22
Zhuhaiqin
·
Published
2025-07-24
·
Updated
2025-08-05
·
CVE-2025-8180
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda CH22 version 1.0.0.1
Description
A critical issue exists in the
formdeleteUserName function within the /goform/deleteUserName file. The old account argument is susceptible to buffer overflow, allowing for remote exploitation. The exploit for this issue has been publicly disclosed.Recommendations
Tenda CH22 version 1.0.0.1: As a temporary workaround, consider restricting access to the
/goform/deleteUserName file to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda Ch22