CVE-2025-12236 is a buffer overflow vulnerability identified in the Tenda CH22 router firmware version 1.0.0.1. The flaw exists in the fromDhcpListClient function within the /goform/DhcpListClient endpoint, where improper handling of the 'page' argument allows an attacker to overflow a buffer. This vulnerability can be exploited remotely over the network without requiring authentication or user interaction, making it highly accessible to attackers. The buffer overflow can lead to arbitrary code execution, enabling attackers to take control of the device, disrupt network operations, or pivot into internal networks. The CVSS 4.0 base score is 8.7, reflecting high severity due to the ease of exploitation (network vector, low attack complexity, no privileges or user interaction needed) and the potential for full compromise of the device's confidentiality, integrity, and availability. While no exploits are currently known to be active in the wild, the public disclosure of exploit details increases the likelihood of imminent attacks. The vulnerability affects only version 1.0.0.1 of the Tenda CH22 firmware, and no official patches have been linked yet, indicating an urgent need for vendor response or interim mitigations.

The exploitation of this vulnerability could have severe consequences for organizations worldwide. Compromise of Tenda CH22 routers can lead to unauthorized access to internal networks, interception or manipulation of network traffic, and disruption of network services. Attackers could deploy malware, establish persistent backdoors, or use the compromised routers as pivot points for further attacks within corporate or governmental networks. This risk is particularly critical for organizations relying on these routers in sensitive environments such as enterprise networks, critical infrastructure, or government agencies. The vulnerability's remote exploitability without authentication increases the attack surface significantly, potentially enabling widespread automated attacks or worm-like propagation. The lack of current patches or mitigations further exacerbates the threat, making timely response essential to prevent data breaches, service outages, or espionage activities.

Organizations should immediately assess their network environments for the presence of Tenda CH22 routers running firmware version 1.0.0.1. In the absence of an official patch, network administrators should implement strict network segmentation to isolate vulnerable devices from critical assets and restrict access to the /goform/DhcpListClient endpoint via firewall rules or access control lists. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability or anomalous traffic patterns related to the exploit can help detect and block exploitation attempts. Monitoring network traffic for unusual requests to the affected endpoint and unusual device behavior is recommended. Where possible, replace vulnerable devices with updated hardware or firmware versions once patches become available. Additionally, vendors and users should coordinate to expedite patch development and deployment. Regular backups and incident response plans should be updated to address potential compromise scenarios involving this vulnerability.