ID

VAR-202512-0002


CVE

CVE-2025-14526


TITLE

Tenda CH22 buffer overflow vulnerability (CNVD-2025-3077012)

Trust: 0.6

sources: CNVD: CNVD-2025-30770

DESCRIPTION

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function `frmL7ImForm` of the file `/goform/L7Im`. Manipulating the argument `page` results in a buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be used.

The Tenda CH22 is an enterprise-grade wireless router suitable for small and medium-sized businesses or home office environments. It supports a single-band 2.4GHz wireless network with a maximum transmission rate of 450Mbps. A buffer overflow vulnerability exists in version 1.0.0.1 of the Tenda CH22. This vulnerability is related to the `frmL7ImForm` function on the `/goform/L7Im` interface and arises from the lack of valid length validation for the passed `page` parameter. A remote attacker could exploit this vulnerability to execute arbitrary code, thereby gaining complete control of the device or causing service disruption.

Trust: 1.44

sources: NVD: CVE-2025-14526 // CNVD: CNVD-2025-30770

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30770

AFFECTED PRODUCTS

vendor: tenda, model: ch22, scope: eq, version: 1.0.0.1

Trust: 1.6

sources: CNVD: CNVD-2025-30770 // NVD: CVE-2025-14526

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-14526
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30770
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-14526
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-30770
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-14526
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-30770 // NVD: CVE-2025-14526

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2025-14526

EXTERNAL IDS

db: NVD, id: CVE-2025-14526

Trust: 1.6

db: VULDB, id: 335866

Trust: 1.0

db: CNVD, id: CNVD-2025-30770

Trust: 0.6

sources: CNVD: CNVD-2025-30770 // NVD: CVE-2025-14526

REFERENCES

url:https://vuldb.com/?id.335866

Trust: 1.0

url:https://github.com/maximdevere/cve2/issues/5

Trust: 1.0

url:https://github.com/maximdevere/cve2/issues/5#issue-3673676260

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?submit.703035

Trust: 1.0

url:https://vuldb.com/?ctiid.335866

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-14526

Trust: 0.6

sources: CNVD: CNVD-2025-30770 // NVD: CVE-2025-14526

SOURCES

db: CNVD, id: CNVD-2025-30770
db: NVD, id: CVE-2025-14526

LAST UPDATE DATE

2025-12-19T23:03:05.839000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-30770, date: 2025-12-16T00:00:00
db: NVD, id: CVE-2025-14526, date: 2025-12-19T14:41:24.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-30770, date: 2025-12-15T00:00:00
db: NVD, id: CVE-2025-14526, date: 2025-12-11T17:15:55.660