Skip to main content

Ac6 Firmware CVE-2025-50528

| EUVDEUVD-2025-19377 HIGH
Stack-based Buffer Overflow (CWE-121)
2025-06-27 cve@mitre.org
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 16, 2026 - 00:16 euvd
EUVD-2025-19377
Analysis Generated
Mar 16, 2026 - 00:16 vuln.today
PoC Detected
Jul 01, 2025 - 18:14 vuln.today
Public exploit code
CVE Published
Jun 27, 2025 - 14:15 nvd
HIGH 7.3

DescriptionCVE.org

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

Analysis

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Stack-based Buffer Overflow (CWE-121).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

CVE-2024-52714 CRITICAL POC
9.8 Nov 19

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. Rated critical

CVE-2025-25343 CRITICAL POC
9.8 Feb 12

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Rated critical sever

CVE-2025-29031 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. Rated critical sever

CVE-2025-29030 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. Rated critical sever

CVE-2025-29029 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. Rated critical seve

CVE-2023-40838 CRITICAL POC
9.8 Aug 30

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. Rate

CVE-2023-40846 CRITICAL POC
9.8 Aug 28

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. Rated critic

CVE-2023-38937 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC

CVE-2023-38936 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28,

CVE-2023-38933 CRITICAL POC
9.8 Aug 07

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0

CVE-2023-38931 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1

CVE-2023-2923 CRITICAL POC
9.8 May 27

A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Rated critical severity (CVSS 9

Share

CVE-2025-50528 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy