CVE-2025-11117 is a buffer overflow vulnerability identified in the Tenda CH22 router firmware version 1.0.0.1. The flaw exists in the function formWrlExtraGet, which processes requests to the /goform/GstDhcpSetSer endpoint. Specifically, the vulnerability is triggered by manipulating the 'dips' argument, causing a buffer overflow condition. This type of vulnerability can allow an attacker to overwrite memory, potentially leading to arbitrary code execution, denial of service, or system compromise. The attack vector is remote network access, requiring no authentication or user interaction, which significantly increases the risk profile. The CVSS 4.0 score of 8.7 reflects a high severity, with low attack complexity and no privileges required. The vulnerability affects only version 1.0.0.1 of the firmware, and no patches or vendor advisories have been linked yet. Although no known exploits are currently active in the wild, the public disclosure of the vulnerability means attackers could develop exploits rapidly. The vulnerability impacts the confidentiality, integrity, and availability of the affected devices, making it critical for organizations relying on these routers to address the issue promptly.

For European organizations, exploitation of CVE-2025-11117 could lead to full compromise of Tenda CH22 routers, which are often used in small to medium enterprise and home office environments. Successful exploitation could allow attackers to execute arbitrary code, disrupt network services, intercept or manipulate network traffic, and pivot into internal networks. This threatens the confidentiality of sensitive data, the integrity of network communications, and the availability of network infrastructure. Critical sectors such as finance, healthcare, and government entities using these devices could face operational disruptions and data breaches. The remote, unauthenticated nature of the vulnerability increases the likelihood of exploitation, especially in environments with exposed management interfaces or insufficient network segmentation. The lack of a patch at the time of disclosure further elevates the risk, necessitating immediate compensating controls to mitigate potential attacks.

1. Immediately isolate Tenda CH22 devices running firmware version 1.0.0.1 from untrusted networks, especially the internet, to prevent remote exploitation. 2. Implement strict firewall rules to block inbound traffic targeting the /goform/GstDhcpSetSer endpoint or suspicious HTTP requests containing the 'dips' parameter. 3. Monitor network traffic for anomalous requests to the vulnerable endpoint and deploy intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. 4. Engage with Tenda support channels to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 5. If immediate patching is not possible, consider replacing vulnerable devices with alternative hardware from vendors with timely security support. 6. Conduct network segmentation to limit access to management interfaces of routers and restrict administrative access to trusted personnel and networks only. 7. Regularly audit and update router configurations to disable unnecessary services and endpoints that could be exploited. 8. Educate IT staff about the vulnerability and encourage vigilance for signs of compromise related to this issue.