CVE-2025-9813

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1

Description A buffer overflow issue exists in the formSetSambaConf function of the /goform/SetSambaConf file. The manipulation of the samba userNameSda argument can trigger this issue, allowing for remote exploitation. The exploit is publicly available.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /goform/SetSambaConf file. Avoid using the samba userNameSda argument in the affected function until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2025-10878

CVE-2025-9813

Affected Products

Tenda Ch22

CVE-2025-9813

Weakness Enumeration

Related Identifiers

Affected Products

References · 13