CVE-2025-9813
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ch22_firmware | 1.0.0.1 |
| tenda | ch22 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9813 is a buffer overflow vulnerability in the Tenda CH22 router version 1.0.0.1. It occurs in the function formSetSambaConf at the /goform/SetSambaConf endpoint, specifically when handling the parameter samba_userNameSda. The input to this parameter is not properly validated for length before being copied into a buffer, leading to a buffer overflow. This can be exploited remotely by sending a specially crafted HTTP POST request with an excessively long samba_userNameSda value, causing the router to crash or become paralyzed. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely to cause a denial of service by crashing or paralyzing the Tenda CH22 router. This results in loss of availability of the device, potentially disrupting network connectivity and services relying on the router. Additionally, because the vulnerability affects confidentiality, integrity, and availability, it could allow attackers to compromise the device's security, leading to further exploitation or unauthorized access. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted HTTP POST request to the /goform/SetSambaConf endpoint with an excessively long samba_userNameSda parameter and observing if the router crashes or becomes unresponsive. A proof-of-concept Python script exists that sends a payload with 300 'A' characters in the samba_userNameSda parameter to trigger the overflow. For detection, you can use curl or similar tools to send such a request and monitor the device's behavior. Example command: curl -X POST http://<router-ip>/goform/SetSambaConf -d "samba_userNameSda=$(python3 -c 'print("A"*300)')" -v [3]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. The suggested immediate step is to replace the affected Tenda CH22 router version 1.0.0.1 with an alternative device or firmware that is not vulnerable. Additionally, restricting remote access to the /goform/SetSambaConf endpoint or disabling Samba configuration via this interface may reduce exposure, but no official fixes are available. [2]