CVE-2025-11423

Published: Oct 8, 2025Modified: Feb 24, 2026

8.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Affected (1)

Products: Tenda: Ch22 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ch22 Firmware	Version 1.0.0.1

Running on/with	Platform Versions
Tenda Ch22	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (5)

https://github.com/f000x0/cve/issues/7

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.327358

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.327358

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.666009

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Source: cna@vuldb.com

Product

Timeline

No history available yet.