CVE-2025-5854

EUVD-2025-17418 | HIGH 8.8 (CVSS 3.1)
2025-06-09

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 19:21 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 19:21 (euvd), EUVD-2025-17418
PoC Detected: Jun 09, 2025 - 19:03 (vuln.today), Public exploit code
CVE Published: Jun 09, 2025 - 01:15 (nvd), HIGH 8.8

Description

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical remote buffer overflow vulnerability in Tenda AC6 firmware version 15.03.05.16 affecting the LAN IP configuration endpoint. An authenticated remote attacker can exploit improper input validation in the lanMask parameter of the /goform/AdvSetLanip function to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this an active threat with elevated real-world risk despite the authentication requirement.

Technical Context

The vulnerability exists in the Tenda AC6 wireless router's web management interface, specifically in the AdvSetLanip form handler function. The lanMask parameter, intended to receive a dotted-decimal subnet mask (e.g., 255.255.255.0), lacks proper bounds checking before being written to a fixed-size stack buffer. This is a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) stack-based buffer overflow. The affected CPE is cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*. The /goform/AdvSetLanip endpoint is part of Tenda's HTTP-based router administration API, exposed on the default management interface (typically port 80/443). The use of strcpy() or similar unsafe string functions without length validation in C-based firmware is the likely root cause.
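The missing check described above, sketched as an added example (this is not Tenda's firmware code; `set_lan_mask`, `parse_dotted_quad` and the 16-byte `MASK_BUF_LEN` are hypothetical names and sizes). It goes one step beyond a length bound: the value is parsed as a strict dotted-decimal netmask and the buffer is filled from the parsed number, so no request bytes are copied at all.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MASK_BUF_LEN 16  /* "255.255.255.255" + NUL; size is an assumption */

/* Strict dotted-decimal parse into a host-order value; -1 on malformed input. */
static int parse_dotted_quad(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    for (int octet = 0; octet < 4; octet++) {
        unsigned n = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9') {
            n = n * 10 + (unsigned)(*s - '0');
            if (++digits > 3 || n > 255) return -1;
            s++;
        }
        if (digits == 0) return -1;
        if (octet < 3 && *s++ != '.') return -1;
        value = (value << 8) | n;
    }
    if (*s != '\0') return -1;          /* reject trailing bytes */
    *out = value;
    return 0;
}

/* Hypothetical hardened handler step for a lanMask-style parameter:
 * returns 0 and fills dst on success, -1 (dst untouched) on rejection. */
int set_lan_mask(const char *lan_mask, char dst[MASK_BUF_LEN])
{
    uint32_t mask, inv;
    if (lan_mask == NULL) return -1;
    /* Length gate: the NUL must appear within the destination size. */
    if (memchr(lan_mask, '\0', MASK_BUF_LEN) == NULL) return -1;
    if (parse_dotted_quad(lan_mask, &mask) != 0) return -1;
    /* Netmask = ones then zeros, so ~mask must be 2^k - 1; 0.0.0.0 refused. */
    inv = ~mask;
    if (mask == 0 || (inv & (inv + 1)) != 0) return -1;
    /* Re-serialize the parsed value instead of copying the request bytes. */
    snprintf(dst, MASK_BUF_LEN, "%u.%u.%u.%u", (unsigned)(mask >> 24),
             (unsigned)((mask >> 16) & 0xff), (unsigned)((mask >> 8) & 0xff),
             (unsigned)(mask & 0xff));
    return 0;
}
```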

Affected Products

Tenda AC6 (15.03.05.16)

Priority Score

64
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20
