CVE-2025-11423 – This vulnerability in Tenda CH22 routers allows... (How to Fix)

Q: What is the severity of CVE-2025-11423?

CVE-2025-11423 has a CVSS score of 9.8 (CRITICAL). This vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code or cause denial of service through memory corruption. Attackers can exploit this without authentication by manipulating the page parameter in the SafeEmailFilter function. All users running the affected firmware version are at risk.

📋 TL;DR

This vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code or cause denial of service through memory corruption. Attackers can exploit this without authentication by manipulating the page parameter in the SafeEmailFilter function. All users running the affected firmware version are at risk.

💻 Affected Systems

Products:

Tenda CH22

Versions: 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface which is typically enabled by default on these routers.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Denial of service causing router reboot or temporary unavailability if exploit attempts fail or are blocked.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing router interfaces.

🏢 Internal Only: MEDIUM - While primarily an internet-facing risk, internal attackers could also exploit this if they gain network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code exists in GitHub repositories, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If available, download the latest firmware. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the vulnerable web interface

Log into router admin → System Tools → Remote Management → Disable

Network Segmentation

all

Isolate the router from critical internal networks

Use firewall rules to restrict router access to management VLAN only

🧯 If You Can't Patch

Replace the vulnerable router with a different model that receives security updates
Place the router behind a dedicated firewall with strict inbound filtering rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Log into router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.0.0.1

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SafeEmailFilter
Multiple failed exploit attempts
Router reboot logs without user action

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting device compromise
Exploit kit traffic targeting router IP

SIEM Query:

source="router_logs" AND (uri="/goform/SafeEmailFilter" OR message="memory corruption" OR message="exploit attempt")

📊 Metadata

CVE ID: CVE-2025-11423

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.31% exploit probability (53.6th percentile)

Published: October 8, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/f000x0/cve/issues/7 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.327358 Permissions Required,VDB Entry
https://vuldb.com/?id.327358 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.666009 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11423, you might also want to check these: