Skip to main content

Ac6 Firmware CVE-2025-5855

| EUVDEUVD-2025-17421 HIGH
Buffer Overflow (CWE-119)
2025-06-09 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17421
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
PoC Detected
Jun 09, 2025 - 19:03 vuln.today
Public exploit code
CVE Published
Jun 09, 2025 - 02:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical stack-based buffer overflow vulnerability in Tenda AC6 firmware version 15.03.05.16 that allows authenticated remote attackers to execute arbitrary code by sending a specially crafted rebootTime parameter to the SetRebootTimer endpoint. The vulnerability has been publicly disclosed with working exploits available, posing immediate risk to deployed devices, though exploitation requires valid user credentials.

Technical ContextAI

The vulnerability exists in the formSetRebootTimer function within the /goform/SetRebootTimer web interface handler of Tenda AC6 wireless routers. The root cause is improper input validation on the rebootTime parameter (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer), which fails to perform adequate bounds checking before copying user-supplied data to a fixed-size stack buffer. This is a classic stack-based buffer overflow allowing attackers to overwrite return addresses and stack canaries. The affected product is identified as Tenda AC6 running firmware version 15.03.05.16 (CPE: cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*), a budget-segment dual-band wireless router commonly deployed in residential and small business networks.

RemediationAI

Apply latest firmware release from Tenda's official website (tenda.com.cn or regional support portal). Download firmware package for AC6 model, backup configuration, and perform factory reset before applying patch to ensure clean state.; priority: CRITICAL - Apply immediately if update available Workaround - Network Segmentation: Restrict administrative access to the router's web interface (port 80/443) to trusted IP ranges only using router-level access control lists (ACL) or external firewall rules. Limit access to the /goform/SetRebootTimer endpoint specifically if granular URL filtering is available. Workaround - Credential Management: Change default administrative credentials immediately and enforce strong, unique passwords. Disable remote management features if not required. Disable the router's WAN-accessible admin interface in router settings. Monitoring: Monitor router logs for suspicious POST requests to /goform/SetRebootTimer with unusual rebootTime parameter values (excessively long strings, binary payloads). Monitor for unexpected reboots or administrative access logs. Alternative: If firmware patch is unavailable, evaluate replacing Tenda AC6 with router model from vendor with active security support and more frequent firmware update cycles.

CVE-2024-52714 CRITICAL POC
9.8 Nov 19

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. Rated critical

CVE-2025-25343 CRITICAL POC
9.8 Feb 12

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Rated critical sever

CVE-2025-29031 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. Rated critical sever

CVE-2025-29030 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. Rated critical sever

CVE-2025-29029 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. Rated critical seve

CVE-2023-40838 CRITICAL POC
9.8 Aug 30

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. Rate

CVE-2023-40846 CRITICAL POC
9.8 Aug 28

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. Rated critic

CVE-2023-38937 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC

CVE-2023-38936 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28,

CVE-2023-38933 CRITICAL POC
9.8 Aug 07

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0

CVE-2023-38931 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1

CVE-2023-2923 CRITICAL POC
9.8 May 27

A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Rated critical severity (CVSS 9

Share

CVE-2025-5855 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy