CVE-2025-11418 – This is a critical stack-based buffer overflow ... (How to Fix)

Q: What is the severity of CVE-2025-11418?

CVE-2025-11418 has a CVSS score of 9.8 (CRITICAL). This is a critical stack-based buffer overflow vulnerability in Tenda CH22 routers that allows remote attackers to execute arbitrary code or crash the device. The vulnerability exists in the HTTP request handler when processing specific parameters, and affects all versions up to 1.0.0.1. Attackers can exploit this without authentication to potentially take full control of affected routers.

📋 TL;DR

This is a critical stack-based buffer overflow vulnerability in Tenda CH22 routers that allows remote attackers to execute arbitrary code or crash the device. The vulnerability exists in the HTTP request handler when processing specific parameters, and affects all versions up to 1.0.0.1. Attackers can exploit this without authentication to potentially take full control of affected routers.

💻 Affected Systems

Products:

Tenda CH22

Versions: All versions up to and including 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable as the vulnerable component is part of the web management interface.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence installation, network traffic interception, and lateral movement to connected devices.

🟠

Likely Case

Device crash (DoS) or remote code execution allowing attacker to modify router settings, intercept traffic, or use the device as a botnet node.

🟢

If Mitigated

If properly segmented and monitored, impact limited to isolated network segment with potential for device compromise but limited lateral movement.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP requests, making internet-facing devices immediately vulnerable to attack.

🏢 Internal Only: MEDIUM - Internal devices are still vulnerable to internal attackers or compromised devices on the same network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, and the vulnerability requires no authentication, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for CH22. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router after update completes.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected devices with supported models
Implement strict network access controls to limit access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 1.0.0.1 or earlier, device is vulnerable.

Check Version:

Check via router web interface or SSH if available: cat /proc/version or show version commands

Verify Fix Applied:

Verify firmware version has been updated beyond 1.0.0.1 and test that the /goform/AdvSetWrlsafeset endpoint properly validates input.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/AdvSetWrlsafeset with unusual mit_ssid_index values
Router crash/reboot logs
Unusual process execution

Network Indicators:

HTTP traffic to router on port 80/443 with POST to vulnerable endpoint
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/AdvSetWrlsafeset" OR process="crash" OR event="reboot")

📊 Metadata

CVE ID: CVE-2025-11418

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.42% exploit probability (61.7th percentile)

Published: October 8, 2025

Last Updated: October 9, 2025

🔗 References

https://github.com/Sxxxw/cve/issues/2 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.327354 Permissions Required,VDB Entry
https://vuldb.com/?id.327354 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.665615 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11418, you might also want to check these: