| Title | Tenda CH22 V1.0.0.1 Buffer Overflow |
|---|
| Description | During the security assessment of the application, a critical buffer overflow vulnerability was identified in the goform/WrlExtraGet endpoint. The vulnerability originates from the formWrlExtraGet() function, where the user-controlled chkHz parameter is appended to the fixed-size buffer v35 using strcat without enforcing proper length validation. Since v35 is limited to 2048 bytes, providing input exceeding this size can overflow the buffer and overwrite adjacent memory. This flaw can result in memory corruption, application crashes, or arbitrary code execution. The vulnerability poses significant risks to device stability, data integrity, and overall system security, and requires immediate remediation to prevent potential exploitation. |
|---|
| Source | ⚠️ https://github.com/f000x0/cve/issues/14 |
|---|
| User | Li Hu (UID 89284) |
|---|
| Submission | 11/10/2025 15:58 (7 months ago) |
|---|
| Moderation | 11/19/2025 11:29 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 332926 [Tenda CH22 1.0.0.1 /goform/WrlExtraGet formWrlExtraGet chkHz buffer overflow] |
|---|
| Points | 20 |
|---|