Skip to main content

Ac6 Firmware EUVDEUVD-2025-19883

| CVE-2025-50260 HIGH
Stack-based Buffer Overflow (CWE-121)
2025-07-03 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 16, 2026 - 02:12 euvd
EUVD-2025-19883
Analysis Generated
Mar 16, 2026 - 02:12 vuln.today
PoC Detected
Jul 07, 2025 - 14:40 vuln.today
Public exploit code
CVE Published
Jul 03, 2025 - 14:15 nvd
HIGH 7.5

DescriptionCVE.org

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

Analysis

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Stack-based Buffer Overflow (CWE-121).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

CVE-2024-52714 CRITICAL POC
9.8 Nov 19

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. Rated critical

CVE-2025-25343 CRITICAL POC
9.8 Feb 12

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Rated critical sever

CVE-2025-29031 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. Rated critical sever

CVE-2025-29030 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. Rated critical sever

CVE-2025-29029 CRITICAL POC
9.8 Mar 14

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. Rated critical seve

CVE-2023-40838 CRITICAL POC
9.8 Aug 30

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. Rate

CVE-2023-40846 CRITICAL POC
9.8 Aug 28

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. Rated critic

CVE-2023-38937 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC

CVE-2023-38936 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28,

CVE-2023-38933 CRITICAL POC
9.8 Aug 07

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0

CVE-2023-38931 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1

CVE-2023-2923 CRITICAL POC
9.8 May 27

A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Rated critical severity (CVSS 9

Share

EUVD-2025-19883 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy