How to fix CVE-2025-70252?

Within 24 hours: Identify and inventory all Tenda AC6V2.0 devices running firmware V15.03.06.23_multi across the organization; disable WPS functionality on all affected devices immediately via administrative interfaces. Within 7 days: Evaluate network segmentation to isolate affected routers from critical systems; implement network access controls to restrict WPS-related traffic; document findings and mitigation status. Within 30 days: Monitor Tenda security advisories for patch availability; develop a device replacement or upgrade strategy; conduct network access audits to detect any unauthorized access attempts during the vulnerability window.

Is Stack Overflow affected by CVE-2025-70252?

A high-severity vulnerability in Tenda AC6V2.0 wireless routers allows remote attackers to manipulate WiFi Protected Setup (WPS) functions through uncontrolled parameters, potentially leading to unauthorized network access or device compromise.

CVE-2025-70252

HIGH

2026-03-02 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 06, 2026 - 21:04 vuln.today

Public exploit code

CVE Published

Mar 02, 2026 - 17:16 nvd

HIGH 7.5

Description

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.

Analysis

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]

Technical Context

Classified as CWE-121 (Stack-based Buffer Overflow). Affects Ac6 Firmware. An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.

Affected Products

Vendor: Tenda. Product: Ac6 Firmware. Versions: up to 15.03.06.23_multi.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

CVE-2025-70252 vulnerability details – vuln.today

Back

CVE-2025-70252

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70252

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code