How to fix EUVD-2025-17419?

Within 24 hours: Inventory all Tenda AC6 15.03.05.16 devices in your environment and isolate affected units from critical network segments if operationally feasible. Within 7 days: Implement network segmentation to restrict access to the vulnerable /goform/SetRemoteWebCfg endpoint and disable remote web management features if not essential. Within 30 days: Replace affected Tenda AC6 units with alternative vendors or firmware versions once patched, and conduct network forensics to detect unauthorized access attempts during the vulnerability window.

Is Ac6 Firmware affected by EUVD-2025-17419?

A critical remote code execution vulnerability affecting Tenda AC6 routers (model 15.03.05.16) allows unauthenticated attackers to execute arbitrary code through a stack buffer overflow.

EUVD-2025-17419

| CVE-2025-5853 HIGH

2025-06-09 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17419

PoC Detected

Jun 09, 2025 - 19:04 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 01:15 nvd

HIGH 8.8

Description

A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Technical Context

CWE-119 (Buffer Overflow). CVSS 8.8 indicates high severity. Affects A vulnerability classified as critical.

Affected Products

['A vulnerability classified as critical']

Remediation

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +44

POC: +20

EUVD-2025-17419 vulnerability details – vuln.today

Back

EUVD-2025-17419

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-17419

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code