A critical buffer overflow vulnerability in Tenda CH22 routers enables unauthenticated remote attackers to execute arbitrary code, posing a severe risk to network integrity.

The vulnerability is a stack-based buffer overflow located in the formNatlimit function of the /goform/Natlimit file. It can be triggered by an unauthenticated remote attacker through the manipulation of the page argument.

With a CVSS score of 8.8, this vulnerability represents a high-severity threat. Successful exploitation allows for complete system compromise, potentially leading to unauthorized network access, data exfiltration, or the recruitment of the device into a malicious botnet. This poses significant reputational and operational risks to organizations relying on these devices for network connectivity.

Immediate Action: Review the vendor advisory and apply firmware updates if available; if no patch exists, isolate the device from the public internet.

Proactive Monitoring: Monitor network traffic for unusual POST requests directed at the /goform/Natlimit endpoint and watch for spikes in CPU usage.

Compensating Controls: Implement a Web Application Firewall (WAF) or strict perimeter access controls to filter traffic and block unauthorized access to the router’s management interface.

Public Exploit Available: true

Given the high CVSS score and the availability of public exploits, immediate action is required to secure affected Tenda CH22 devices. Administrators must restrict remote access to the management interface and apply security patches as soon as they are released by the vendor to prevent potential unauthorized code execution.