VDB-311169 · CVE-2025-5685 · EUVD-2025-17025

Tenda CH22 1.0.0.1 /goform/Natlimit formNatlimit page Okusukkuluma kwa buffer

Waliwo obulabe obwategekeddwa nga ekikulu nnyo obuzuliddwa mu Tenda CH22 1.0.0.1. Obulabe buli ku omugaso formNatlimit ku fayiro /goform/Natlimit. Okukozesa ku lugero page kivirako Okusukkuluma kwa buffer. Okukozesa CWE okulaga ekizibu kireetera CWE-121. Obunafu buno bwateekebwawo ku 04/06/2025. Ekiteeso kino kisangibwa ku mukutu ogusobola okuddownloadinga ku github.com. Obunafu buno buzibwa nga CVE-2025-5685. Kisoboka okutandika okukola attack okuva wala. Obulambulukufu bw'eby'ekikugu buliwo. Okuddamu, waliwo ekikozesebwa ekiriwo. Ekikozesebwa kyamanyiddwa mu bantu era kisobola okukozesebwa. Mu kiseera kino, omutengo ogw’akaseera ku kikozesebwa kiyinza okuba nga giri mu USD $0-$5k mu kiseera kino. Kitegekeddwa nga ebikakasa eby'okukakasa obusobozi. Kisoboka okuddownloadinga exploit ku github.com. Ng’era 0-day, omuwendo ogusabibwa mu kifo ky’obutali mu mateeka gwali nga wa ddala $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Okukyuusa · 100 Obubonero bw'ebikwata ku byuma

Ekibanja	Kikolebwa 04/06/2025 15:36	Okukozesa enkola empya 1/3 06/06/2025 01:42	Okukozesa enkola empya 2/3 06/06/2025 16:33	Okukozesa enkola empya 3/3 11/06/2025 03:28
software_vendor	Tenda	Tenda	Tenda	Tenda
software_name	CH22	CH22	CH22	CH22
software_version	1.0.0.1	1.0.0.1	1.0.0.1	1.0.0.1
software_file	/goform/Natlimit	/goform/Natlimit	/goform/Natlimit	/goform/Natlimit
software_function	formNatlimit	formNatlimit	formNatlimit	formNatlimit
software_argument	page	page	page	page
vulnerability_cwe	CWE-121 (Okusukkuluma kwa buffer)	CWE-121 (Okusukkuluma kwa buffer)	CWE-121 (Okusukkuluma kwa buffer)	CWE-121 (Okusukkuluma kwa buffer)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md	https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md
source_cve	CVE-2025-5685	CVE-2025-5685	CVE-2025-5685	CVE-2025-5685
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Router Operating System	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	9.1
cvss3_meta_tempscore	8.0	8.0	8.4	8.9
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1748988000 (04/06/2025)	1748988000 (04/06/2025)	1748988000 (04/06/2025)	1748988000 (04/06/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-17025	EUVD-2025-17025	EUVD-2025-17025
cve_nvd_summary			A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes			Se encontró una vulnerabilidad clasificada como crítica en Tenda CH22 1.0.0.1. Esta afecta a la función formNatlimit del archivo /goform/Natlimit. La manipulación de la página de argumentos provoca un desbordamiento del búfer en la pila. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado.	Se encontró una vulnerabilidad clasificada como crítica en Tenda CH22 1.0.0.1. Esta afecta a la función formNatlimit del archivo /goform/Natlimit. La manipulación de la página de argumentos provoca un desbordamiento del búfer en la pila. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			H	H
cvss4_cna_vi			H	H
cvss4_cna_va			H	H
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			8.7	8.7
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			H	H
cvss3_cna_i			H	H
cvss3_cna_a			H	H
cvss3_cna_basescore			8.8	8.8
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			C	C
cvss2_cna_ii			C	C
cvss2_cna_ai			C	C
cvss2_cna_basescore			9	9
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				9.8

◂ Ddaabayo Okusaba Kw'ebintu Byonna Genda mu maaso ▸

Do you know our Splunk app?

Download it now for free!