CVE-2025-12274
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2025-10-28

Assigner: VulDB

Description
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2025-10-28
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12274
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ch22_firmware 1.0.0.1
tenda ch22 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12274 is a critical buffer overflow vulnerability in the Tenda CH22 router firmware version 1.0.0.1. It occurs in the fromP2pListFilter() function within the /goform/P2pListFilter endpoint, where a user-controlled "page" parameter is copied into a fixed-size buffer of 256 bytes using the unsafe sprintf function without proper length checks. If an input larger than 256 bytes is provided, it causes adjacent memory to be overwritten, leading to memory corruption. This flaw can be exploited remotely without authentication. [1, 2, 3]

Impact Analysis

This vulnerability can lead to several severe impacts including denial of service (DoS) by crashing the web server and making the device management interface inaccessible; arbitrary code execution by overwriting the stack return address, potentially allowing an attacker to take full control of the device; and information leakage by exposing sensitive device memory. Exploitation is easy and requires no authentication, making it highly accessible to attackers. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /goform/P2pListFilter endpoint with an oversized "page" parameter (e.g., 2048 bytes) and observing if the device crashes or behaves abnormally, indicating a buffer overflow. A sample command using curl to test this could be: curl -X POST http://<target-ip>/goform/P2pListFilter -d "page=$(python3 -c 'print("A"*2048)')" If the device crashes or the management interface becomes inaccessible, it indicates the presence of the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable /goform/P2pListFilter endpoint, applying input validation and sanitization to ensure the "page" parameter does not exceed 256 bytes, and replacing unsafe functions like sprintf with safer alternatives such as snprintf that enforce buffer size limits. Additionally, applying the principle of least privilege to minimize potential damage, and if possible, updating or replacing the affected firmware or device version to a patched one are recommended. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart