Cyber Posture

CVE-2025-9813

High

Published: 02 September 2025

Published
02 September 2025
Modified
04 September 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0032 54.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9813 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ch22 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Input validation directly prevents the buffer overflow by checking and sanitizing the samba_userNameSda argument in the formSetSambaConf function.

SI-16 Memory Protection good match
prevent

Memory protection safeguards like non-executable stacks and address randomization prevent exploitation of the buffer overflow for arbitrary code execution.

SI-2 Flaw Remediation good match
prevent

Flaw remediation through firmware patching eliminates the specific buffer overflow vulnerability in Tenda CH22 version 1.0.0.1.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in public web form (/goform/SetSambaConf) on network device firmware directly enables remote exploitation of a public-facing application for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly…

more

available and might be used.

Deeper analysisAI

CVE-2025-9813 is a buffer overflow vulnerability in the Tenda CH22 router firmware version 1.0.0.1. The flaw affects the formSetSambaConf function in the /goform/SetSambaConf file, where manipulation of the samba_userNameSda argument triggers the overflow. Classified under CWE-119 and CWE-120, it was published on 2025-09-02 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges can exploit this vulnerability remotely without user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or denial of service. A public exploit is available, which may facilitate real-world attacks.

Advisories and further details are available via references including https://github.com/csgii/cve/issues/2, https://vuldb.com/?ctiid.322140, https://vuldb.com/?id.322140, https://vuldb.com/?submit.641151, and the vendor site at https://www.tenda.com.cn/. No specific patch or mitigation steps are detailed in the core vulnerability description.

Details

CWE(s)
CWE-119CWE-120

Affected Products

tenda
ch22 firmware
1.0.0.1

CVEs Like This One

CVE-2025-12232Same product: Tenda Ch22
CVE-2025-12274Same product: Tenda Ch22
CVE-2025-9812Same product: Tenda Ch22
CVE-2025-8180Same product: Tenda Ch22
CVE-2025-12265Same product: Tenda Ch22
CVE-2025-9006Same product: Tenda Ch22
CVE-2025-9007Same product: Tenda Ch22
CVE-2025-9443Same product: Tenda Ch22
CVE-2025-12273Same product: Tenda Ch22
CVE-2025-13288Same product: Tenda Ch22

References