CVE-2025-13400 – A buffer overflow vulnerability in Tenda CH22 r... (How to Fix)

Q: What is the severity of CVE-2025-13400?

CVE-2025-13400 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code by manipulating the chkHz parameter in the formWrlExtraGet function. This affects Tenda CH22 routers running firmware version 1.0.0.1. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A buffer overflow vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code by manipulating the chkHz parameter in the formWrlExtraGet function. This affects Tenda CH22 routers running firmware version 1.0.0.1. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda CH22

Versions: 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface component. Devices with default configurations are vulnerable.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to reconfigure the router, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind strict firewall rules, not internet-facing, and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code exists in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for CH22. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the vulnerable web interface

Access router admin interface -> Advanced Settings -> Remote Management -> Disable

Restrict web interface access

all

Limit access to router management interface to trusted IPs only

Access router admin interface -> Security -> Access Control -> Add trusted IP ranges

🧯 If You Can't Patch

Isolate affected routers in a separate VLAN with strict firewall rules
Implement network monitoring for unusual traffic patterns from router devices

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.0.0.1, device is vulnerable.

Check Version:

Access router web interface and check System Status or Firmware Version page

Verify Fix Applied:

After updating firmware, verify version is no longer 1.0.0.1 and test that the /goform/WrlExtraGet endpoint no longer accepts malicious chkHz parameters.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/WrlExtraGet with long chkHz parameters
Multiple failed buffer overflow attempts in router logs

Network Indicators:

Unusual outbound connections from router to unknown IPs
Traffic patterns suggesting router compromise

SIEM Query:

source="router_logs" AND uri="/goform/WrlExtraGet" AND (param_length(chkHz) > 100 OR status_code=500)

📊 Metadata

CVE ID: CVE-2025-13400

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.16% exploit probability (36.9th percentile)

Published: November 19, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/f000x0/cve/issues/14 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.332926 Permissions Required,VDB Entry
https://vuldb.com/?id.332926 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.692145 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13400, you might also want to check these: