
Ac6 Firmware EUVD-2025-18197

CVE-2025-46035 HIGH
Classic Buffer Overflow (CWE-120)
2025-06-12 cve@mitre.org
7.5
CVSS 3.1 · NVD

Severity by source

NVD (primary): 7.5 HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 21:20 (euvd), EUVD-2025-18197
Analysis Generated: Mar 14, 2026 - 21:20 (vuln.today)
PoC Detected: Jun 17, 2025 - 20:32 (vuln.today), public exploit code
CVE Published: Jun 12, 2025 - 16:15 (nvd), HIGH 7.5

Description (CVE.org)

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint

Analysis (AI)

A buffer overflow in Tenda AC6 router firmware version 15.03.05.16 allows unauthenticated remote attackers to trigger a denial of service by sending oversized schedStartTime and schedEndTime parameters to the /goform/openSchedWifi endpoint. The endpoint is reachable over the network without authentication or user interaction, which makes the flaw trivially exploitable for DoS attacks against affected routers. While the CVSS score indicates high severity (7.5), the actual impact appears limited to availability (DoS only), with no confirmed code execution or data disclosure capability. The NVD vector listed on this page nevertheless rates Confidentiality as High and Availability as None, which does not match the described DoS impact, so the base score should be read with that mismatch in mind.

Technical Context (AI)

This vulnerability is a classic buffer overflow (CWE-120) in the HTTP request handling layer of the Tenda AC6 web-based management interface. The /goform/openSchedWifi endpoint processes schedule-related parameters without proper input validation or bounds checking on the schedStartTime and schedEndTime fields. Tenda AC6 (CPE: cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*) is a consumer Wi-Fi router running proprietary firmware with an embedded HTTP server that parses these parameters directly into fixed-size stack or heap buffers. Firmware version 15.03.05.16 does not validate the length of user-supplied data before copying it, so an oversized value overflows into adjacent memory structures. The endpoint is accessible over HTTP without CSRF tokens or session authentication, which exposes the vulnerability to any attacker who can reach the management interface over the network.

Remediation (AI)

Patch: Apply the latest firmware patch from Tenda when available.
Workaround: Disable WAN-accessible HTTP administration; configure access control lists (ACLs) to restrict /goform/* endpoints to the internal network only.
Mitigation: Implement a WAF or IPS rule matching: User-Agent or POST/GET to /goform/openSchedWifi with Content-Length > threshold.
Monitoring: Enable router logging and alert on 4xx/5xx errors to /goform/* paths.
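
One way to implement the mitigation and monitoring items above is to check the decoded length of the two affected query parameters in the access log of a proxy or IPS sitting in front of the router. This is an added example, not code from vuln.today or Tenda; the Common Log Format input, the 16-character limit and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/goform/openSchedWifi"            # endpoint named in the advisory
PARAMS = ("schedStartTime", "schedEndTime")   # parameters named in the advisory
MAX_VALUE_LEN = 16  # assumption: set to the longest legitimate value you observe

# Access-log line in Common Log Format: source first, request line in quotes.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def oversized_params(target, max_len=MAX_VALUE_LEN):
    """Return {param: decoded length} for watched parameters longer than max_len."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/") != ENDPOINT:
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in PARAMS:
        # A parameter may be repeated; judge it by its longest occurrence.
        longest = max((len(v) for v in query.get(name, [])), default=0)
        if longest > max_len:
            hits[name] = longest
    return hits


def scan(lines, max_len=MAX_VALUE_LEN):
    """Return (source, method, hits) for every log line that trips the check."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            hits = oversized_params(m.group("target"), max_len)
            if hits:
                findings.append((m.group("src"), m.group("method"), hits))
    return findings


# Constructed sample log lines (documentation addresses, not captured traffic).
TS = "[12/Jun/2025:16:15:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET {ENDPOINT}?schedStartTime=08:00&schedEndTime=22:00 HTTP/1.1" 200 12',
    f'198.51.100.7 - - {TS} "GET {ENDPOINT}?schedStartTime={"A" * 300}&schedEndTime=22:00 HTTP/1.1" 502 0',
    f'198.51.100.7 - - {TS} "GET {ENDPOINT}?schedStartTime=08:00&schedEndTime={"%41" * 40} HTTP/1.1" 502 0',
    f'203.0.113.5 - - {TS} "GET /index.html?schedStartTime={"A" * 300} HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, method, hits in scan(SAMPLE):
        print(f"ALERT {src} {method} {ENDPOINT} oversized: {hits}")
```

The check measures values after percent-decoding, so an encoded value is judged by the length the firmware would see. It covers the query string only, since request bodies do not appear in access logs.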
