Tenda CH22 1.0.0.1 Buffer Overflow Vulnerability

HIGH (8.8)
cwe-119cwe-120buffer-overflowch22remote-exploitationtendawireless-router

Threat Intelligence

Low Risk
EPSS Score: 0.09% chance of exploitation (percentile: 26%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Tenda CH22 is a wireless router, and the vulnerability discovered in version 1.0.0.1 affects its /goform/L7Im function. This allows attackers to manipulate the argument page, leading to a buffer overflow. The exploit can be performed remotely without requiring user interaction or high privileges.

Am I affected?

You're affected if you use A security flaw. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

go: github.com/stretchr/testify

How to fix

To fix this vulnerability:

  1. Update to version 1.0.1.2 or later: Download the patched firmware from Tenda's official website.
  2. Immediate mitigations:
    • Restrict network access to your router (firewall it from the public internet) to prevent remote exploitation.
    • Monitor for suspicious activity on your router.

References