CVE-2025-14526 – A buffer overflow vulnerability in Tenda CH22 r... (How to Fix)

Q: What is the severity of CVE-2025-14526?

CVE-2025-14526 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the frmL7ImForm function. This affects all users running the vulnerable firmware version. Remote exploitation is possible without authentication.

📋 TL;DR

A buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the frmL7ImForm function. This affects all users running the vulnerable firmware version. Remote exploitation is possible without authentication.

💻 Affected Systems

Products:

Tenda CH22

Versions: 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. The vulnerable endpoint /goform/L7Im is accessible via HTTP requests.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attackers to gain control of the router, modify network settings, intercept traffic, and pivot to internal networks.

🟢

If Mitigated

Denial of service or limited impact if network segmentation and proper firewall rules prevent external access to the vulnerable endpoint.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploits exist, making internet-facing devices immediate targets.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but requires network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details are available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for CH22. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Block Access to Vulnerable Endpoint

linux

Use firewall rules to block external access to /goform/L7Im endpoint

iptables -A INPUT -p tcp --dport 80 -m string --string "/goform/L7Im" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 443 -m string --string "/goform/L7Im" --algo bm -j DROP

Disable Remote Management

all

Turn off remote administration features to prevent external exploitation

🧯 If You Can't Patch

Isolate the router in a separate VLAN with strict firewall rules limiting access
Implement network monitoring and intrusion detection for suspicious traffic to /goform/L7Im

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.0.0.1, device is vulnerable.

Check Version:

curl -s http://router-ip/ | grep -i firmware || Check web interface

Verify Fix Applied:

After firmware update, verify version number has changed from 1.0.0.1 and test if /goform/L7Im endpoint still responds to buffer overflow attempts.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/L7Im with large 'page' parameters
Unusual process execution or memory errors in router logs

Network Indicators:

HTTP POST requests to /goform/L7Im with abnormally long parameter values
Traffic patterns suggesting buffer overflow attempts

SIEM Query:

source="router_logs" AND (url="/goform/L7Im" AND (param_size>1000 OR status_code=500))

📊 Metadata

CVE ID: CVE-2025-14526

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: December 11, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/maximdevere/CVE2/issues/5 Exploit,Issue Tracking,Third Party Advisory
https://github.com/maximdevere/CVE2/issues/5#issue-3673676260 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.335866 Permissions Required,VDB Entry
https://vuldb.com/?id.335866 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.703035 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14526, you might also want to check these: