ID

VAR-202510-2136


CVE

CVE-2025-12235


TITLE

Tenda CH22 formSetIpBind function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-26163

DESCRIPTION

A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used. The Tenda CH22 is a network device manufactured by Tenda, a Chinese company. This vulnerability stems from the fact that the function `fromSetIpBind` in the file `/goform/SetIpBind` fails to properly validate the length of the input data supplied in the `page` parameter. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-12235 // CNVD: CNVD-2025-26163

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-26163

AFFECTED PRODUCTS

vendor: tenda, model: ch22, scope: eq, version: 1.0.0.1

Trust: 1.6

sources: CNVD: CNVD-2025-26163 // NVD: CVE-2025-12235

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-12235
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-12235
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-26163
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-12235
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-26163
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-12235
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2025-26163 // NVD: CVE-2025-12235 // NVD: CVE-2025-12235

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2025-12235

PATCH

title: Patch for Tenda CH22 formSetIpBind function buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/748291

Trust: 0.6

sources: CNVD: CNVD-2025-26163

EXTERNAL IDS

db: NVD, id: CVE-2025-12235

Trust: 1.6

db: VULDB, id: 329905

Trust: 1.0

db: CNVD, id: CNVD-2025-26163

Trust: 0.6

sources: CNVD: CNVD-2025-26163 // NVD: CVE-2025-12235

REFERENCES

url:https://vuldb.com/?ctiid.329905

Trust: 1.0

url:https://vuldb.com/?id.329905

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?submit.673720

Trust: 1.0

url:https://github.com/qiu-die/cve/issues/16

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-12235

Trust: 0.6

sources: CNVD: CNVD-2025-26163 // NVD: CVE-2025-12235

SOURCES

db: CNVD, id: CNVD-2025-26163
db: NVD, id: CVE-2025-12235

LAST UPDATE DATE

2025-11-19T19:40:47.218000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-26163, date: 2025-10-31T00:00:00
db: NVD, id: CVE-2025-12235, date: 2025-10-27T18:45:58.327

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-26163, date: 2025-10-31T00:00:00
db: NVD, id: CVE-2025-12235, date: 2025-10-27T07:15:38.533