Cyber Resilience

CVE-2025-9813

High

Published: 02 September 2025

Published
02 September 2025
Modified
04 September 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0046 64.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9813 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-9813 is a buffer overflow vulnerability in the Tenda CH22 router firmware version 1.0.0.1. The flaw affects the formSetSambaConf function in the /goform/SetSambaConf file, where manipulation of the samba_userNameSda argument triggers the overflow. Classified under CWE-119 and CWE-120, it was published on 2025-09-02 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges can exploit this vulnerability remotely without user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or denial of service. A public exploit is available, which may facilitate real-world attacks.

Advisories and further details are available via references including https://github.com/csgii/cve/issues/2, https://vuldb.com/?ctiid.322140, https://vuldb.com/?id.322140, https://vuldb.com/?submit.641151, and the vendor site at https://www.tenda.com.cn/. No specific patch or mitigation steps are detailed in the core vulnerability description.

EU & UK References

Vulnerability details

A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly…

more

available and might be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public web form (/goform/SetSambaConf) on network device firmware directly enables remote exploitation of a public-facing application for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-12232Same product: Tenda Ch22
CVE-2025-9443Same product: Tenda Ch22
CVE-2025-12265Same product: Tenda Ch22
CVE-2025-9812Same product: Tenda Ch22
CVE-2025-9007Same product: Tenda Ch22
CVE-2025-8180Same product: Tenda Ch22
CVE-2025-12274Same product: Tenda Ch22
CVE-2025-9006Same product: Tenda Ch22
CVE-2025-12234Same product: Tenda Ch22
CVE-2025-12273Same product: Tenda Ch22

Affected Assets

tenda
ch22 firmware
1.0.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Input validation directly prevents the buffer overflow by checking and sanitizing the samba_userNameSda argument in the formSetSambaConf function.

prevent

Memory protection safeguards like non-executable stacks and address randomization prevent exploitation of the buffer overflow for arbitrary code execution.

prevent

Flaw remediation through firmware patching eliminates the specific buffer overflow vulnerability in Tenda CH22 version 1.0.0.1.

References