Sign-up

ID

VAR-202509-3762


CVE

CVE-2025-11117


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  ch22  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015776

DESCRIPTION

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of ch22 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-11117 // JVNDB: JVNDB-2025-015776

AFFECTED PRODUCTS

vendor:tendamodel:ch22scope:eqversion:1.0.0.1

Trust: 1.0

vendor:tendamodel:ch22scope:eqversion:ch22 firmware 1.0.0.1

Trust: 0.8

vendor:tendamodel:ch22scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ch22scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-015776 // NVD: CVE-2025-11117

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-11117
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-015776
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-11117
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015776
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-11117
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-015776
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-015776 // NVD: CVE-2025-11117

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015776 // NVD: CVE-2025-11117

EXTERNAL IDS

db:NVDid:CVE-2025-11117

Trust: 2.6

db:VULDBid:326198

Trust: 1.8

db:JVNDBid:JVNDB-2025-015776

Trust: 0.8

sources: JVNDB: JVNDB-2025-015776 // NVD: CVE-2025-11117

REFERENCES

url:https://github.com/zhaoyinshan/cve/issues/2

Trust: 1.8

url:https://vuldb.com/?id.326198

Trust: 1.8

url:https://vuldb.com/?submit.662927

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.326198

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-11117

Trust: 0.8

sources: JVNDB: JVNDB-2025-015776 // NVD: CVE-2025-11117

SOURCES

db:JVNDBid:JVNDB-2025-015776
db:NVDid:CVE-2025-11117

LAST UPDATE DATE

2025-10-12T23:01:13.473000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-015776date:2025-10-10T08:12:00
db:NVDid:CVE-2025-11117date:2025-10-03T13:38:34.747

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-015776date:2025-10-10T00:00:00
db:NVDid:CVE-2025-11117date:2025-09-28T20:15:47.337