CVE 8.7 HIGH

Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow_CVE-2025-13288

November 17, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda CH22 1.0.0.1 via the fromPptpUserSetting function, allowing remote attacks.

Basic Information

ID CVE-2025-13288

Source VulDB

Published Nov 17, 2025 at 15:32

Modified Nov 17, 2025 at 15:43

Affected Product

Vendor Tenda

Product CH22

Version 1.0.0.1

Affected Versions Tenda CH22 1.0.0.1

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product CH22

Version 1.0.0.1

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-11-17T15:32:07.862Z",
    "modified": "2025-11-17T15:43:45.974Z",
    "type": "cve",
    "title": "Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332628\nhttps://vuldb.com/?ctiid.332628\nhttps://vuldb.com/?submit.691594\nhttps://github.com/yyyy1g/CVE/issues/1\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-13288",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda CH22 1.0.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CH22",
    "version": "1.0.0.1",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda CH22 1.0.0.1 via the fromPptpUserSetting function, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "CH22",
    "ai_version": "1.0.0.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply