Primary

Context

Tenda CH22 Buffer Overflow Vulnerability in the Command Execution Function

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda CH22 router, specifically in the firmware version 1.0.0.1. The issue arises within the 'formexeCommand' function of the '/goform/exeCommand' file, where the 'cmdinput' parameter can be manipulated, leading to a stack overflow. This vulnerability can be exploited remotely, causing the router to become unresponsive and inaccessible.

Impact

Exploitation of this vulnerability causes a stack overflow, disrupting the router's normal operation and rendering it inaccessible.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/exeCommand' endpoint with a 'cmdinput' parameter that is excessively long, such as 512 bytes of repeated characters. This can be done using a Python script that utilizes the 'requests' library to automate the process.

Added: Sep 2, 2025, 3:19 AM

Updated: Sep 2, 2025, 3:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda CH22 Buffer Overflow Vulnerability in the Command Execution Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda CH22

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating