CVE-2025-15229
Unknown Unknown - Not Provided
Denial of Service in Tenda CH22 DHCP Client via LISTLEN

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: VulDB

Description
A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15229
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda ch22 1.0.0.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Tenda CH22 device up to version 1.0.0.1, specifically in the fromDhcpListClient function of the /goform/DhcpListClient file. It involves manipulation of the argument LISTLEN, which can lead to a denial of service condition. The attack can be launched remotely and the exploit has been publicly disclosed.

Impact Analysis

The vulnerability can cause a denial of service (DoS) on the affected device, meaning the device may become unavailable or unresponsive due to the exploitation of the LISTLEN argument manipulation. This can disrupt network connectivity or device functionality.

Detection Guidance

This vulnerability can be detected by monitoring for unusually high CPU utilization and unresponsiveness of the Tenda CH22 router's web interface, especially after receiving HTTP POST requests to the /goform/DhcpListClient endpoint with a large LISTLEN parameter. A practical detection method is to observe timeouts or failures when accessing the device's web interface. Additionally, network monitoring tools can be used to detect suspicious HTTP POST requests with abnormally large LISTLEN values. A proof-of-concept Python script exists that sends a crafted POST request with LISTLEN set to 1,000,000 to test for the vulnerability by causing the device to hang or reboot. Specific commands are not detailed, but monitoring CPU usage (e.g., via SNMP or router logs) and HTTP request patterns can help detect exploitation attempts. [2, 3]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Tenda CH22 device with an alternative product to avoid exploitation, as no known countermeasures or patches are currently available. Additionally, network administrators can implement network-level protections such as filtering or blocking suspicious HTTP POST requests targeting the /goform/DhcpListClient endpoint with large LISTLEN parameters. If possible, restricting access to the router's management interface from untrusted networks can reduce exposure. The vulnerability can be mitigated in the code by implementing strict input validation to enforce an upper limit on the LISTLEN parameter (e.g., 32 or 64 entries) and optimizing or rate-limiting resource-intensive operations like NVRAM writes, but these require firmware updates which are not currently available. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart