Primary

Context

Tenda CH22 Buffer Overflow Vulnerability in PPTP User Settings

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda CH22 router, specifically in version 1.0.0.1. The issue arises in the 'fromPptpUserSetting' function within the '/goform/PPTPUserSetting' file. The vulnerability allows remote attackers to manipulate the 'delno' argument, leading to a buffer overflow condition. This flaw can be exploited to disrupt the router's normal operation, causing it to become unresponsive.

Impact

Exploitation of this vulnerability causes a stack overflow, disrupting the router's operation and making it inaccessible.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/PPTPUserSetting' endpoint with a 'delno' parameter containing a payload of approximately 2024 bytes. This oversized input overwrites the return address on the stack, creating a buffer overflow condition.

Added: Nov 17, 2025, 4:22 PM

Updated: Nov 17, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.1

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.1

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda CH22 Buffer Overflow Vulnerability in PPTP User Settings

Vulnerability

Impact

Reproduction

Affected Products

Tenda CH22

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating