CVE-2025-8180
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-08-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ch22_firmware | 1.0.0.1 |
| tenda | ch22 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8180 is a critical buffer overflow vulnerability in the Tenda CH22 router version 1.0.0.1. It occurs in the function formdeleteUserName within the /goform/deleteUserName endpoint. The vulnerability arises because the old_account parameter is not properly checked for length before being copied, leading to a buffer overflow. An attacker can exploit this remotely by sending a specially crafted request with an excessively long old_account value, causing the router's server to crash or become paralyzed. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely without authentication to cause a denial of service by crashing or paralyzing the router's server. This impacts the availability of the device, making it inaccessible and disrupting network connectivity. Additionally, it affects the confidentiality and integrity of the device, as the flaw allows attackers to compromise the router's normal operation. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the /goform/deleteUserName endpoint with an excessively long old_account parameter. For example, using curl, you can run a command like: curl -X POST http://<router-ip>/goform/deleteUserName -d "old_account=$(python3 -c 'print("a"*1000)')". If the router crashes or becomes unresponsive after this request, it indicates the presence of the vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
No official vendor patch or fix is currently available for this vulnerability. The suggested immediate mitigation is to replace the affected Tenda CH22 router version 1.0.0.1 with an alternative device. Additionally, restricting access to the router's web interface from untrusted networks and monitoring for suspicious POST requests to /goform/deleteUserName may help reduce exposure. [2]