Tenda Ch22 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ch22 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda Ch22 Firmware. Last year, in 2025 Ch22 Firmware had 23 security vulnerabilities published. Right now, Ch22 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 23 | 8.72 |
| 2024 | 2 | 9.80 |
It may take a day or so for new Ch22 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ch22 Firmware Security Vulnerabilities
A vulnerability has been found in Tenda CH22 up to 1.0.0.1
CVE-2025-15229
5.3 - Medium
- December 30, 2025
A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Improper Resource Shutdown or Release
Path Traversal in Tenda CH22 1.0.0.1 /public/ (remote)
CVE-2025-15076
7.3 - High
- December 25, 2025
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Directory traversal
Tenda CH22 1.0.0.1 buf overflow in frmL7ImForm (/goform/L7Im)
CVE-2025-14526
8.8 - High
- December 11, 2025
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 Buffer Overflow in formWrlExtraGet (chkHz)
CVE-2025-13400
8.8 - High
- November 19, 2025
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 PPTPUserSetting Buffer Overflow Remote
CVE-2025-13288
8.8 - High
- November 17, 2025
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 /goform/NatStaticSetting buffer overflow
CVE-2025-12322
8.8 - High
- October 27, 2025
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 Remote Buffer Overflow in fromP2pListFilter
CVE-2025-12274
8.8 - High
- October 27, 2025
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 Buffer Overflow in webExcptypemanFilter
CVE-2025-12273
8.8 - High
- October 27, 2025
A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 Buffer Overflow in fromAddressNat (Remote)
CVE-2025-12272
8.8 - High
- October 27, 2025
A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Classic Buffer Overflow
Remote Buffer Overflow in Tenda CH22 1.0.0.1 RouteStatic via /goform/RouteStatic
CVE-2025-12271
8.8 - High
- October 27, 2025
A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 Buffer Overflow in /goform/VirtualSer
CVE-2025-12265
8.8 - High
- October 27, 2025
A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 buffer overflow in DhcpListClient (remote exploitable)
CVE-2025-12236
8.8 - High
- October 27, 2025
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Classic Buffer Overflow
Buffer Overflow in Tenda CH22 1.0.0.1 /goform/SetIpBind (local net)
CVE-2025-12235
8 - High
- October 27, 2025
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 SFM buffer overflow via page arg
CVE-2025-12234
8.8 - High
- October 27, 2025
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 Buffer Overflow in fromSafeUrlFilter via page param
CVE-2025-12233
8.8 - High
- October 27, 2025
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Classic Buffer Overflow
Buffer Overflow in Tenda CH22 v1.0.0.1 SafeClientFilter
CVE-2025-12232
8.8 - High
- October 27, 2025
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Classic Buffer Overflow
Tenda CH22 1.0.0.1 SafeEmailFilter Memory Corruption RCE
CVE-2025-11423
9.8 - Critical
- October 08, 2025
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Buffer Overflow
Tenda CH22 1.0.0.1 Stack Buffer Overflow via HTTP Request Handler
CVE-2025-11418
9.8 - Critical
- October 08, 2025
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mit_ssid_index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Stack Overflow
Tenda CH22 1.0.0.1 Buffer Overflow in formeditFileName (Pre-1.0.0.1)
CVE-2025-9007
8.8 - High
- August 15, 2025
A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda CH22 1.0.0.1: Remote Buffer Overflow via formdelFileName
CVE-2025-9006
8.8 - High
- August 15, 2025
A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Critical RCE via Buffer Overflow in Tenda CH22 1.0.0.1 /goform/deleteUserName
CVE-2025-8180
8.8 - High
- July 26, 2025
A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file /goform/deleteUserName. The manipulation of the argument old_account leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda CH22 1.0.0.1: formNatlimit Buffer Overflow (CVE-2025-5685)
CVE-2025-5685
9.8 - Critical
- June 05, 2025
A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Critical Stack Overflow in Tenda CH22 Router (v1.0.0.1) via /goform/addUserName
CVE-2025-5619
9.8 - Critical
- June 04, 2025
A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Stack Overflow in CH22 V1.0.0.6 fromqossetting
CVE-2024-46044
9.8 - Critical
- September 13, 2024
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
Memory Corruption
Tenda CH22 V1.0.0.6 stack overflow in frmL7PlotForm CVE-2024-46045
CVE-2024-46045
9.8 - Critical
- September 13, 2024
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ch22 Firmware or by Tenda? Click the Watch button to subscribe.
