CVE 8.7 HIGH

Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow_CVE-2025-12236

October 27, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Buffer overflow vulnerability in Tenda CH22 1.0.0.1 due to improper handling of the page argument in the fromDhcpListClient function, allowing remote exploitation.

Basic Information

ID CVE-2025-12236

Source VulDB

Published Oct 27, 2025 at 06:22

Affected Product

Vendor Tenda

Product CH22

Version 1.0.0.1

Affected Versions Tenda CH22 1.0.0.1

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product CH22

Version 1.0.0.1

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-10-27T06:22:47.662Z",
    "modified": "2025-10-27T06:22:47.662Z",
    "type": "cve",
    "title": "Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329906\nhttps://vuldb.com/?ctiid.329906\nhttps://vuldb.com/?submit.673724\nhttps://github.com/QIU-DIE/CVE/issues/17\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12236",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda CH22 1.0.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CH22",
    "version": "1.0.0.1",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda CH22 1.0.0.1 due to improper handling of the page argument in the fromDhcpListClient function, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "CH22",
    "ai_version": "1.0.0.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply