Sign-up

ID

VAR-202512-2454


CVE

CVE-2025-15229


TITLE

Shenzhen Tenda Technology Co.,Ltd. of ch22  Improper Shutdown and Release of Resources in Firmware Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251

DESCRIPTION

A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This attack can be carried out remotely and exploits are publicly available, so it is possible that it can be exploited in the wild.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-15229 // JVNDB: JVNDB-2025-024251

AFFECTED PRODUCTS

vendor:tendamodel:ch22scope:lteversion:1.0.0.1

Trust: 1.0

vendor:tendamodel:ch22scope: - version: -

Trust: 0.8

vendor:tendamodel:ch22scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ch22scope:lteversion:ch22 firmware 1.0.0.1 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251 // NVD: CVE-2025-15229

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-15229
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-15229
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-024251
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-15229
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-024251
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-15229
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-15229
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-024251
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251 // NVD: CVE-2025-15229 // NVD: CVE-2025-15229

PROBLEMTYPE DATA

problemtype:CWE-404

Trust: 1.0

problemtype:Improper shutdown and release of resources (CWE-404) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251 // NVD: CVE-2025-15229

PATCH

title:Submit #725472url:https://github.com/master-abc/cve/issues/7

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251

EXTERNAL IDS

db:NVDid:CVE-2025-15229

Trust: 2.6

db:VULDBid:338625

Trust: 1.0

db:JVNDBid:JVNDB-2025-024251

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251 // NVD: CVE-2025-15229

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?submit.725472

Trust: 1.0

url:https://github.com/master-abc/cve/issues/7

Trust: 1.0

url:https://vuldb.com/?ctiid.338625

Trust: 1.0

url:https://vuldb.com/?id.338625

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-15229

Trust: 0.8

sources: JVNDB: JVNDB-2025-024251 // NVD: CVE-2025-15229

SOURCES

db:JVNDBid:JVNDB-2025-024251
db:NVDid:CVE-2025-15229

LAST UPDATE DATE

2026-01-16T23:11:09.790000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-024251date:2026-01-09T07:24:00
db:NVDid:CVE-2025-15229date:2026-01-07T17:43:36.453

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-024251date:2026-01-09T00:00:00
db:NVDid:CVE-2025-15229date:2025-12-30T06:15:41.190