CVE-2025-12273 – CVE-2025-12273 is a buffer overflow vulnerabili... (How to Fix)

Q: What is the severity of CVE-2025-12273?

CVE-2025-12273 has a CVSS score of 8.8 (HIGH). CVE-2025-12273 is a buffer overflow vulnerability in Tenda CH22 routers affecting version 1.0.0.1. Attackers can remotely exploit this by manipulating the 'page' parameter in the webExcptypemanFilter function, potentially leading to arbitrary code execution. This affects all users running the vulnerable firmware version.

📋 TL;DR

CVE-2025-12273 is a buffer overflow vulnerability in Tenda CH22 routers affecting version 1.0.0.1. Attackers can remotely exploit this by manipulating the 'page' parameter in the webExcptypemanFilter function, potentially leading to arbitrary code execution. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda CH22

Versions: 1.0.0.1

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface. No special configuration required for exploitation.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attackers could execute arbitrary code with root privileges, gaining complete control of the router to intercept traffic, deploy malware, or pivot to internal networks.

🟠

Likely Case

Remote code execution leading to router compromise, enabling traffic interception, DNS hijacking, or botnet recruitment.

🟢

If Mitigated

If properly segmented and firewalled, impact could be limited to the router itself without lateral movement to other systems.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit available on GitHub. Attack requires network access to router's web interface (typically port 80/443).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router's web interface

Access router admin > Advanced > Remote Management > Disable

Network Segmentation

linux

Isolate router management interface to trusted network

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_NET -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_NET -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Replace affected router with different model/vendor
Implement strict network access controls to limit exposure to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.0.0.1, device is vulnerable.

Check Version:

curl -s http://router-ip/ | grep -i 'firmware' or check admin interface System Status page

Verify Fix Applied:

Verify firmware version has changed from 1.0.0.1 to a newer version.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/webExcptypemanFilter
Multiple failed buffer overflow attempts
Unexpected router reboots or configuration changes

Network Indicators:

Unusual traffic patterns from router
DNS queries to malicious domains from router
Outbound connections from router to suspicious IPs

SIEM Query:

source="router_logs" AND (uri="/goform/webExcptypemanFilter" OR message="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-12273

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.19% exploit probability (40.6th percentile)

Published: October 27, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/QIU-DIE/CVE/issues/22 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.329945 Permissions Required,VDB Entry
https://vuldb.com/?id.329945 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.674161 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/QIU-DIE/CVE/issues/22 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12273, you might also want to check these: