Volerion logoVolerion
Volerion logoVolerion

Tenda CH22 Stack-Based Buffer Overflow Vulnerability in addUserName Function Allowing Remote Code Execution

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the Tenda CH22 router, specifically in version 1.0.0.1. The issue arises in the addUserName function within the goform/addUserName file, where the Password argument can be manipulated. This vulnerability allows for remote code execution, as the overflow can be exploited to execute arbitrary code on the device.

Impact

Exploitation of this vulnerability leads to unauthorized remote code execution on the affected router.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/addUserName endpoint. The request must include a Password parameter that is crafted to exceed the buffer size, causing a stack overflow. This can be achieved by using a payload that includes a cyclic pattern to overwrite the stack, followed by the addresses of specific functions or commands to be executed.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
4.6
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.