PT-2025-41205 · Tenda · Tenda Ch22

Sxxxw · Published 2025-09-30 · Updated 2025-10-13 · CVE-2025-11418

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda CH22 versions prior to 1.0.0.1

Description

A security issue exists in Tenda CH22. The formWrlsafeset function within the /goform/AdvSetWrlsafeset file, part of the HTTP Request Handler component, is susceptible to a stack-based buffer overflow. Manipulation of the mit ssid index argument can trigger this issue, potentially allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations

Versions prior to 1.0.0.1 should be updated. As a temporary workaround, consider segmenting or monitoring HTTP management traffic. Restrict access to the vulnerable component /goform/AdvSetWrlsafeset to minimize the risk of exploitation. Avoid using the parameter mit ssid index in the affected function formWrlsafeset() until the issue is resolved.

Exploit

Fix

RCE

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-12741
CVE-2025-11418

Affected Products

Tenda Ch22