CVE-2025-13288

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1

Description A security issue has been identified in the Tenda CH22 router. The issue is related to a buffer overflow within the

fromPptpUserSetting

function, located in the

/goform/PPTPUserSetting

API endpoint. Manipulation of the

delno

argument can trigger this overflow, potentially allowing for remote code execution. The exploit for this issue has been publicly disclosed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

BDU:2025-14918

CVE-2025-13288

Tenda Ch22