CVE-2025-12274 – A buffer overflow vulnerability in Tenda CH22 r... (How to Fix)

Q: What is the severity of CVE-2025-12274?

CVE-2025-12274 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromP2pListFilter function. This affects all users running the vulnerable firmware on Tenda CH22 routers. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromP2pListFilter function. This affects all users running the vulnerable firmware on Tenda CH22 routers. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda CH22

Versions: 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router compromise, credential theft, network traffic interception, and lateral movement into connected devices.

🟠

Likely Case

Router compromise allowing attackers to change DNS settings, intercept traffic, or use the router as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making this easily weaponizable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface from general network traffic

🧯 If You Can't Patch

Replace affected Tenda CH22 routers with different models or brands
Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Access router admin interface and check firmware version in system settings. If version is 1.0.0.1, device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After firmware update, verify version number is no longer 1.0.0.1 and test if /goform/P2pListFilter endpoint still responds.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/P2pListFilter with large 'page' parameter values
Unusual process execution or memory errors in router logs

Network Indicators:

External IP addresses accessing router management interface
Unusual traffic patterns from router to external hosts

SIEM Query:

source="router_logs" AND (uri="/goform/P2pListFilter" OR process="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-12274

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.1% exploit probability (28.2th percentile)

Published: October 27, 2025

Last Updated: October 28, 2025

🔗 References

https://github.com/QIU-DIE/CVE/issues/23 Exploit,Issue Tracking
https://vuldb.com/?ctiid.329946 Permissions Required,VDB Entry
https://vuldb.com/?id.329946 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.674165 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/QIU-DIE/CVE/issues/23 Exploit,Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12274, you might also want to check these: