CVE-2025-11117
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-28

Last updated on: 2025-10-03

Assigner: VulDB

Description
A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-28
Last Modified
2025-10-03
Generated
2026-06-16
AI Q&A
2025-09-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11117
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ch22_firmware 1.0.0.1
tenda ch22 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11117 is a critical buffer overflow vulnerability in the Tenda CH22 router version 1.0.0.1. It occurs in the function formWrlExtraGet within the file /goform/GstDhcpSetSer, where the dips argument is improperly handled. Specifically, the input buffer is copied into a fixed-size output buffer without verifying the input size, causing a buffer overflow. This flaw can be exploited remotely without authentication by sending a specially crafted HTTP POST request, potentially leading to device crashes or further exploitation. [1, 2, 3]

Impact Analysis

This vulnerability can impact you by allowing an attacker to remotely crash your Tenda CH22 router, causing a denial of service and making the device unresponsive. Because the buffer overflow affects confidentiality, integrity, and availability, it could also potentially be exploited for further attacks beyond denial of service. The attack complexity is low, and exploits are publicly available, meaning your device is at significant risk if unpatched. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint /goform/GstDhcpSetSer with an unusually large or malformed 'dips' parameter. A practical detection method is to capture and inspect network traffic for such requests. For example, using tcpdump or Wireshark to filter HTTP POST requests to the vulnerable endpoint. A sample tcpdump command could be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/GstDhcpSetSer'. Additionally, you can use curl or similar tools to test the endpoint by sending crafted POST requests with oversized 'dips' parameters to see if the device responds abnormally or crashes. For example: curl -X POST http://<router-ip>/goform/GstDhcpSetSer -d 'dips=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'. [2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Tenda CH22 router version 1.0.0.1 with a non-vulnerable device, as no known countermeasures or patches currently exist. Additionally, restricting remote access to the router's management interface, such as blocking external HTTP POST requests to /goform/GstDhcpSetSer, can reduce exposure. Network-level protections like firewall rules or intrusion prevention systems can be configured to detect and block suspicious requests targeting this endpoint. Monitoring the device for crashes or unresponsiveness can also help identify exploitation attempts. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11117. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart