A vulnerability was detected in Tenda i22 1.0.0.3(4687). It affects the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Manipulating the argument Type results in a stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 03 Sep 2025 15:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tenda i22 Firmware |
| CPEs | | cpe:2.3:h:tenda:i22:-:*:*:*:*:*:*:*; cpe:2.3:o:tenda:i22_firmware:1.0.0.3\(4687\):*:*:*:*:*:*:* |
| Vendors & Products | | Tenda i22 Firmware |

Sat, 23 Aug 2025 11:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tenda; Tenda i22 |
| Vendors & Products | | Tenda; Tenda i22 |

Thu, 21 Aug 2025 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 21 Aug 2025 12:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. |
| Title | | Tenda i22 wxportalauth formWeixinAuthInfoGet stack-based overflow |
| Weaknesses | | CWE-119; CWE-121 |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-21T13:24:53.066Z

Reserved: 2025-08-21T05:20:16.875Z

Link: CVE-2025-9297

Vulnrichment

Updated: 2025-08-21T13:24:40.329Z

NVD

Status: Analyzed

Published: 2025-08-21T13:15:37.067

Modified: 2025-09-03T14:59:33.497

Link: CVE-2025-9297

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-23T10:55:40Z