ID

VAR-202510-2217


CVE

CVE-2025-12322


TITLE

Tenda CH22 buffer overflow vulnerability fromNatStaticSetting function

Trust: 0.6

sources: CNVD: CNVD-2025-26164

DESCRIPTION

A flaw has been found in Tenda CH22 1.0.0.1. The issue affects the function `fromNatStaticSetting` of the file `/goform/NatStaticSetting`. Manipulating the argument `page` can lead to a buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

The Tenda CH22 is a network device manufactured by Tenda, a Chinese company. Version 1.0.0.1 of the Tenda CH22 contains a buffer overflow vulnerability. It stems from the function `fromNatStaticSetting` in the file `/goform/NatStaticSetting` failing to properly validate the length of the data supplied in the `page` parameter. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-12322 // CNVD: CNVD-2025-26164

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-26164

AFFECTED PRODUCTS

vendor: tenda, model: ch22, scope: eq, version: 1.0.0.1

Trust: 1.6

sources: CNVD: CNVD-2025-26164 // NVD: CVE-2025-12322

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-12322
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-26164
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-12322
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-26164
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-12322
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-26164 // NVD: CVE-2025-12322

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: CWE-119

Trust: 1.0

sources: NVD: CVE-2025-12322

PATCH

title: Patch for Tenda CH22 buffer overflow vulnerability fromNatStaticSetting function, url: https://www.cnvd.org.cn/patchInfo/show/748276

Trust: 0.6

sources: CNVD: CNVD-2025-26164

EXTERNAL IDS

db: NVD, id: CVE-2025-12322

Trust: 1.6

db: VULDB, id: 330101

Trust: 1.0

db: CNVD, id: CNVD-2025-26164

Trust: 0.6

sources: CNVD: CNVD-2025-26164 // NVD: CVE-2025-12322

REFERENCES

url: https://github.com/qiu-die/cve/issues/19

Trust: 1.6

url: https://www.tenda.com.cn/

Trust: 1.0

url: https://vuldb.com/?ctiid.330101

Trust: 1.0

url: https://vuldb.com/?id.330101

Trust: 1.0

url: https://vuldb.com/?submit.674151

Trust: 1.0

sources: CNVD: CNVD-2025-26164 // NVD: CVE-2025-12322

SOURCES

db: CNVD, id: CNVD-2025-26164
db: NVD, id: CVE-2025-12322

LAST UPDATE DATE

2025-11-19T23:21:10.193000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-26164, date: 2025-10-31T00:00:00
db: NVD, id: CVE-2025-12322, date: 2025-10-30T20:08:15.307

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-26164, date: 2025-10-31T00:00:00
db: NVD, id: CVE-2025-12322, date: 2025-10-27T21:15:36.160