PT-2025-43891 · Tenda · Tenda Ch22

Linxi666

Published

2025-10-12

Updated

2025-10-27

CVE-2025-12235

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1

Description A flaw exists in the fromSetIpBind function within the /goform/SetIpBind file. Manipulating the page argument can lead to a buffer overflow. Exploitation of this issue requires local network access. The exploit code has been publicly released.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict network access to the affected device.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2025-13507

CVE-2025-12235

Affected Products

Tenda Ch22

PT-2025-43891 · Tenda · Tenda Ch22

CVE-2025-12235

Weakness Enumeration

Related Identifiers

Affected Products

References · 10