CVE-2025-11117
BaseFortify
Publication date: 2025-09-28
Last updated on: 2025-10-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ch22_firmware | 1.0.0.1 |
| tenda | ch22 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11117 is a critical buffer overflow vulnerability in the Tenda CH22 router version 1.0.0.1. It occurs in the function formWrlExtraGet within the file /goform/GstDhcpSetSer, where the dips argument is improperly handled. Specifically, the input buffer is copied into a fixed-size output buffer without verifying the input size, causing a buffer overflow. This flaw can be exploited remotely without authentication by sending a specially crafted HTTP POST request, potentially leading to device crashes or further exploitation. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely crash your Tenda CH22 router, causing a denial of service and making the device unresponsive. Because the buffer overflow affects confidentiality, integrity, and availability, it could also potentially be exploited for further attacks beyond denial of service. The attack complexity is low, and exploits are publicly available, meaning your device is at significant risk if unpatched. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint /goform/GstDhcpSetSer with an unusually large or malformed 'dips' parameter. A practical detection method is to capture and inspect network traffic for such requests. For example, using tcpdump or Wireshark to filter HTTP POST requests to the vulnerable endpoint. A sample tcpdump command could be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/GstDhcpSetSer'. Additionally, you can use curl or similar tools to test the endpoint by sending crafted POST requests with oversized 'dips' parameters to see if the device responds abnormally or crashes. For example: curl -X POST http://<router-ip>/goform/GstDhcpSetSer -d 'dips=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda CH22 router version 1.0.0.1 with a non-vulnerable device, as no known countermeasures or patches currently exist. Additionally, restricting remote access to the router's management interface, such as blocking external HTTP POST requests to /goform/GstDhcpSetSer, can reduce exposure. Network-level protections like firewall rules or intrusion prevention systems can be configured to detect and block suspicious requests targeting this endpoint. Monitoring the device for crashes or unresponsiveness can also help identify exploitation attempts. [1]