EUVD-2025-18197

CVE-2025-46035 HIGH
Published: 2025-06-12
CVSS 3.1: 7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 21:20 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 21:20 (euvd), EUVD-2025-18197
PoC Detected: Jun 17, 2025 - 20:32 (vuln.today), public exploit code
CVE Published: Jun 12, 2025 - 16:15 (nvd), HIGH 7.5

Description

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint.

Analysis

A buffer overflow vulnerability exists in Tenda AC6 router firmware version 15.03.05.16 that allows unauthenticated remote attackers to trigger a denial of service condition by sending oversized parameters (schedStartTime and schedEndTime) to the /goform/openSchedWifi endpoint. The endpoint is reachable over the network without authentication or user interaction, making the flaw trivially exploitable for DoS attacks against affected routers. While the CVSS score indicates high severity (7.5), the actual impact appears limited to availability (DoS only), with no confirmed code execution or data disclosure capability. Note that the published vector (C:H/I:N/A:N) scores the impact under confidentiality rather than availability, which does not match the denial-of-service effect given in the description; triage on the described behaviour rather than on the vector alone.

Technical Context

This vulnerability is a classic CWE-120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow") occurring in the HTTP request handling layer of Tenda AC6's web-based management interface. The /goform/openSchedWifi endpoint processes schedule-related parameters without proper input validation or bounds checking on the schedStartTime and schedEndTime fields. Tenda AC6 (CPE: cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*) is a consumer Wi-Fi router running proprietary firmware with an embedded HTTP server that parses these parameters directly into fixed-size stack or heap buffers. Firmware version 15.03.05.16 does not validate the length of user-supplied data before copying it, so an oversized value overflows into adjacent memory. The endpoint is accessible over HTTP without CSRF tokens or session authentication, exposing the vulnerability to any attacker with network access to the management interface.

Affected Products

Tenda AC6, firmware version 15.03.05.16

Remediation

Patch: Apply the latest firmware patch when available from Tenda.
Workaround: Disable WAN-accessible HTTP administration; configure access control lists (ACLs) to restrict /goform/* endpoints to the internal network only.
Mitigation: Implement a WAF or IPS rule matching on User-Agent, or on POST/GET requests to /goform/openSchedWifi with Content-Length above a threshold.
Monitoring: Enable router logging and alert on 4xx/5xx errors to /goform/* paths.
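One way to implement the mitigation and monitoring items as a log check, shown as an added example that is not part of the original advisory or any vendor tooling. It assumes a reverse proxy or sensor in front of the router that writes Common Log Format lines; MAX_LEN is an assumed threshold (the page gives none), and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/openSchedWifi"             # endpoint named in the advisory
WATCHED = ("schedStartTime", "schedEndTime")   # parameters named in the advisory
MAX_LEN = 16   # assumption: no threshold is given on the page; tune per environment

# Common Log Format: source address ... "METHOD target HTTP/x.y" status
REQ_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def inspect_line(line):
    """Return a finding dict for an oversized schedule parameter, else None."""
    m = REQ_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path.rstrip("/") != ENDPOINT:
        return None
    # parse_qs URL-decodes values, so lengths are measured after decoding.
    # Only the query string is visible in an access log; POST bodies are not.
    params = parse_qs(parts.query, keep_blank_values=True)
    oversized = {}
    for name in WATCHED:
        longest = max((len(v) for v in params.get(name, [])), default=0)
        if longest > MAX_LEN:
            oversized[name] = longest
    if not oversized:
        return None
    return {"src": m["src"], "status": int(m["status"]), "oversized": oversized}

def scan(lines):
    """Run inspect_line over an iterable of log lines and keep the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [17/Jun/2025:20:32:00 +0000] "GET /goform/openSchedWifi'
    '?schedStartTime=08:00&schedEndTime=22:00 HTTP/1.1" 200 12',
    '198.51.100.7 - - [17/Jun/2025:20:33:10 +0000] "GET /goform/openSchedWifi'
    '?schedStartTime=' + "A" * 300 + '&schedEndTime=22:00 HTTP/1.1" 502 0',
    '192.0.2.10 - - [17/Jun/2025:20:34:00 +0000] "GET /index.html?x='
    + "B" * 300 + ' HTTP/1.1" 200 5',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same length test can be expressed as a WAF or IPS rule on the two query parameters, which is more precise than a Content-Length threshold for GET requests.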

Priority Score

58
KEV: 0
EPSS: +0.1
CVSS: +38
POC: +20
