CVE 8.7 HIGH

Tenda CH22 NatStaticSetting fromNatStaticSetting buffer overflow_CVE-2025-12322

October 27, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda CH22 1.0.0.1 due to improper validation of user input in the fromNatStaticSetting function, allowing remote attackers to execute arbitrary code.

Basic Information

ID CVE-2025-12322

Source VulDB

Published Oct 27, 2025 at 20:32

Affected Product

Vendor Tenda

Product CH22

Version 1.0.0.1

Affected Versions Tenda CH22 1.0.0.1

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product CH22

Version 1.0.0.1

References

{
    "lastseen": "",
    "description": "A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.",
    "published": "2025-10-27T20:32:09.364Z",
    "modified": "2025-10-27T20:32:09.364Z",
    "type": "cve",
    "title": "Tenda CH22 NatStaticSetting fromNatStaticSetting buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.330101\nhttps://vuldb.com/?ctiid.330101\nhttps://vuldb.com/?submit.674151\nhttps://github.com/QIU-DIE/CVE/issues/19\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-12322",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda CH22 1.0.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CH22",
    "version": "1.0.0.1",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda CH22 1.0.0.1 due to improper validation of user input in the fromNatStaticSetting function, allowing remote attackers to execute arbitrary code.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "CH22",
    "ai_version": "1.0.0.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply