Sign-up

ID

VAR-202510-2345


CVE

CVE-2025-12272


TITLE

Tenda CH22 formaddressNat function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-26161

DESCRIPTION

A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The Tenda CH22 is a network device manufactured by Tenda, a Chinese company. The Tenda CH22 contains a buffer overflow vulnerability. This vulnerability stems from the fact that the parameter `page` in the file `/goform/addressNat` fails to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack

Trust: 1.44

sources: NVD: CVE-2025-12272 // CNVD: CNVD-2025-26161

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-26161

AFFECTED PRODUCTS

vendor:tendamodel:ch22scope:eqversion:1.0.0.1

Trust: 1.6

sources: CNVD: CNVD-2025-26161 // NVD: CVE-2025-12272

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-12272
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-12272
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-26161
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-12272
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-26161
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-12272
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-12272
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-26161 // NVD: CVE-2025-12272 // NVD: CVE-2025-12272

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2025-12272

PATCH

title:Patch for Tenda CH22 formaddressNat function buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/748281

Trust: 0.6

sources: CNVD: CNVD-2025-26161

EXTERNAL IDS

db:NVDid:CVE-2025-12272

Trust: 1.6

db:VULDBid:329944

Trust: 1.0

db:CNVDid:CNVD-2025-26161

Trust: 0.6

sources: CNVD: CNVD-2025-26161 // NVD: CVE-2025-12272

REFERENCES

url:https://vuldb.com/?ctiid.329944

Trust: 1.0

url:https://github.com/qiu-die/cve/issues/21

Trust: 1.0

url:https://vuldb.com/?id.329944

Trust: 1.0

url:https://vuldb.com/?submit.674159

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-12272

Trust: 0.6

sources: CNVD: CNVD-2025-26161 // NVD: CVE-2025-12272

SOURCES

db:CNVDid:CNVD-2025-26161
db:NVDid:CVE-2025-12272

LAST UPDATE DATE

2025-11-19T23:30:50.994000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-26161date:2025-10-31T00:00:00
db:NVDid:CVE-2025-12272date:2025-10-28T02:08:18.440

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-26161date:2025-10-31T00:00:00
db:NVDid:CVE-2025-12272date:2025-10-27T12:15:34.173