CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical stack-based buffer overflow vulnerability in Tenda AC6 firmware version 15.03.05.16 that allows authenticated remote attackers to execute arbitrary code by sending a specially crafted rebootTime parameter to the SetRebootTimer endpoint. The vulnerability has been publicly disclosed with working exploits available, posing immediate risk to deployed devices, though exploitation requires valid user credentials.
Technical Context
The vulnerability exists in the formSetRebootTimer function within the /goform/SetRebootTimer web interface handler of Tenda AC6 wireless routers. The root cause is improper input validation on the rebootTime parameter (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer), which fails to perform adequate bounds checking before copying user-supplied data to a fixed-size stack buffer. This is a classic stack-based buffer overflow allowing attackers to overwrite return addresses and stack canaries. The affected product is identified as Tenda AC6 running firmware version 15.03.05.16 (CPE: cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*), a budget-segment dual-band wireless router commonly deployed in residential and small business networks.
Affected Products
AC6 (15.03.05.16)
Remediation
Firmware update: Apply the latest firmware release from Tenda's official website (tenda.com.cn or the regional support portal). Download the firmware package for the AC6 model, back up the configuration, and perform a factory reset before applying the patch to ensure a clean state. Priority: CRITICAL - apply immediately if an update is available.
Workaround - Network Segmentation: Restrict administrative access to the router's web interface (port 80/443) to trusted IP ranges only, using router-level access control lists (ACLs) or external firewall rules. Limit access to the /goform/SetRebootTimer endpoint specifically if granular URL filtering is available.
Workaround - Credential Management: Change default administrative credentials immediately and enforce strong, unique passwords. Disable remote management features if they are not required. Disable the router's WAN-accessible admin interface in the router settings.
Monitoring: Monitor router logs for suspicious POST requests to /goform/SetRebootTimer with unusual rebootTime parameter values (excessively long strings, binary payloads). Monitor for unexpected reboots and review administrative access logs.
Alternative: If a firmware patch is unavailable, evaluate replacing the Tenda AC6 with a router model from a vendor with active security support and more frequent firmware update cycles.
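The monitoring check described under Remediation, as an added example that is not part of the advisory or any vendor code: it scans request records for rebootTime values that are excessively long or contain non-printable bytes. The record layout (source, method, URL, body), the 16-byte limit, the function names and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

TARGET_PATH = "/goform/SetRebootTimer"  # endpoint named in the advisory
FIELD = "rebootTime"                    # parameter named in the advisory
MAX_LEN = 16  # assumption: a legitimate value is a short time string

def form_values(raw: str, name: str) -> list[bytes]:
    """Decode every value of form field `name` to raw bytes."""
    values = []
    for pair in raw.split("&"):
        key, _, value = pair.partition("=")
        if unquote_to_bytes(key) == name.encode():
            values.append(unquote_to_bytes(value.replace("+", " ")))
    return values

def suspicious_reasons(record: str) -> list[str]:
    """Reasons a 'src method url body' record looks like an overflow attempt."""
    parts = record.split(" ", 3)
    if len(parts) != 4:
        return []
    path, _, query = parts[2].partition("?")
    if path != TARGET_PATH:
        return []
    reasons = []
    # Check the query string as well as the body: the field may arrive in either.
    for value in form_values(query, FIELD) + form_values(parts[3], FIELD):
        if len(value) > MAX_LEN:
            reasons.append(f"{FIELD} is {len(value)} bytes (limit {MAX_LEN})")
        if any(b < 0x20 or b > 0x7E for b in value):
            reasons.append(f"{FIELD} contains non-printable bytes")
    return reasons

def scan(log_text: str) -> dict[str, list[str]]:
    """Map source address to the reasons its requests were flagged."""
    hits = {}
    for line in log_text.splitlines():
        reasons = suspicious_reasons(line)
        if reasons:
            hits.setdefault(line.split(" ", 1)[0], []).extend(reasons)
    return hits

# Constructed sample records (documentation addresses, made-up values).
SAMPLE_LOG = "\n".join([
    "192.0.2.10 POST /goform/SetRebootTimer rebootTime=03:30",
    "192.0.2.44 POST /goform/SetRebootTimer rebootTime=" + "A" * 600,
    "192.0.2.45 POST /goform/SetRebootTimer rebootTime=%01%02%ff%fe",
])

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The same two checks can be applied at a reverse proxy or WAF in front of the admin interface, where request bodies are visible even if the router itself does not log them.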
EUVD-2025-17421