CVE Alert: CVE-2025-9813 - Tenda - CH22

CVE-2025-9813

HIGHNo exploitation known

A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS v3.1 (8.8)

Vendor

Tenda

Product

CH22

Versions

1.0.0.1

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-09-02T04:02:07.353Z

Updated

2025-09-02T13:56:18.157Z

References

https://vuldb.com/?id.322140

https://vuldb.com/?ctiid.322140

https://vuldb.com/?submit.641151

https://github.com/csgii/cve/issues/2

https://www.tenda.com.cn/

AI Summary Analysis

Risk verdict

High risk: remote, network-based exploitation with a publicly available exploit and high impact on confidentiality, integrity, and availability; treat with urgent attention pending KEV/SSVC exploitation state confirmation.

Why this matters

The vulnerability enables memory corruption via a network-facing endpoint with low privileges and no user interaction, allowing potential remote code execution. Real-world attackers could achieve full control and disrupt or exfiltrate data, with rapid propagation if unpatched.

Most likely attack path

An attacker sends crafted input over the network to the affected component, triggering a buffer overflow and memory corruption. With low prerequisites and no UI interaction, successful exploitation could yield high-impact access, potentially enabling persistence and lateral movement within the device or environment.

Who is most exposed

Devices deployed with exposed management interfaces or remote configuration capabilities are most at risk, particularly in networks where management ports are reachable from the internet or poorly segmented.

Detection ideas

Surges in memory or process crashes linked to the affected service.
Unexpected reboots or system instability following network probes to the management endpoint.
IDS/IPS alerts for anomalous payloads targeting the endpoint or unusual Samba/config-related traffic.
Logs showing failed or unusual attempts to send crafted payloads to the management interface.
Signatures or indicators of the publicly available exploit in local memory or crash dumps.

Mitigation and prioritisation

Apply vendor patch or upgrade to a fixed version as a top priority.
If patching is delayed, disable remote management or restrict it to trusted networks; implement strong network segmentation.
Enforce access controls and monitor for anomalous configuration change attempts.
Amplify logging and rotate credentials; deploy host-based and network monitoring for exploitation indicators.
If KEV or EPSS data later indicates active exploitation, escalate to Priority 1 and accelerate remediation.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: ch22, CVE, cve-2025-9813, OSINT, tenda, threatintel

CVE Alert: CVE-2025-9813 – Tenda – CH22