This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Tenda CH22 has a **Buffer Overflow** vulnerability. π **Consequences**: Memory corruption occurs due to improper handling of the `page` parameter in `/goform/SafeEmailFilter`.β¦
π’ **Vendor**: Tenda (China). π¦ **Product**: CH22 Router. π **Affected Version**: **1.0.0.1** specifically. Check your firmware version immediately!
Q4What can hackers do? (Privileges/Data)
π **Impact**: CVSS Score is **High (9.8)**. π― **Capabilities**: Attackers can achieve **Complete Confidentiality**, **Integrity**, and **Availability** loss. Essentially, **full system control** is possible.
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Threshold**: **LOW**. π **Network**: Attack Vector is **Network (AV:N)**. π **Auth**: **No Privileges Required (PR:N)**. π±οΈ **User Interaction**: **None (UI:N)**. You can exploit this remotely without logging in.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Exploit Status**: Public references exist on GitHub and VDB. π **Tags**: Marked as `exploit` and `issue-tracking`.β¦
π§ **Workaround**: If no patch is available, **restrict network access** to the management interface. π« **Block**: Block external access to port 80/443 and the `/goform/` endpoints.β¦
π₯ **Urgency**: **CRITICAL**. π¨ **Priority**: **Immediate Action Required**. With a CVSS of 9.8 and no auth required, this is a **high-priority** vulnerability. Patch or isolate immediately!