CVE-2025-14526

high

Description

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

References

https://vuldb.com/?submit.703035

https://vuldb.com/?id.335866

https://github.com/maximdevere/CVE2/issues/5#issue-3673676260

https://www.tenda.com.cn/

https://vuldb.com/?ctiid.335866

https://github.com/maximdevere/CVE2/issues/5

Details

Source: Mitre, NVD

Published: 2025-12-11

Updated: 2026-02-24

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00088