CVE Alert: CVE-2025-12274 – Tenda – CH22
CVE-2025-12274
HIGHNo exploitation knownPoC observed
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS v3.1 (8.8)
Vendor
Tenda
Product
CH22
Versions
1.0.0.1
CWE
CWE-120, Buffer Overflow
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Published
2025-10-27T12:32:12.399Z
Updated
2025-10-27T13:05:48.770Z
References
AI Summary Analysis
Risk verdict
Why this matters
Most likely attack path
Who is most exposed
Detection ideas
- Unusual traffic to the /goform/P2pListFilter URL or malformed page parameter values.
- Router crashes, reboots, or memory-corruption events logged on the device.
- Unexpected admin sessions or changes to firewall rules on the device.
- IDS/IPS signatures or anomaly alerts matching buffer overflow payload patterns.
- Anomalous outbound traffic patterns from the router to internal hosts.
Mitigation and prioritisation
- Apply vendor patch as soon as available; verify integrity before deployment.
- Disable or restrict remote administration; block WAN access to management interfaces where feasible.
- Implement network segmentation to limit impact from a compromised router.
- Enable automatic updates and monitor advisories for CVE-2025-12274.
- Conduct staged testing and change-management before broad rollout; document rollback plans.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
AI APIs OSINT driven New features
