CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2025-29031

CVSS 9.8v3.1pub. 2025-03-14upd. 2025-03-19

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.

πŸ€– AI Analysis
How it works

The vulnerability consists of a buffer overflow in the fromAddressNat function of the Tenda AC6 router software. An attacker can provide specially crafted input data that exceeds the intended buffer size in memory, causing overwriting of adjacent memory areas. Due to the network vector (AV:N) and lack of required privileges (PR:N, UI:N), the attack can be carried out remotely without any user interaction.

Impact

An attacker can gain full control over the device, including the ability to read and modify data and cause service unavailability (complete breach of confidentiality, integrity, and availability).

Mitigation & patch

Patches available from the manufacturer should be applied according to references. If an update is not available, it is recommended to restrict access to the device management panel exclusively to trusted networks and disable remote management over the internet.

Who is affected

Tenda AC6 firmware version v15.03.05.16

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac6

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac6 Firmware

    OS
    Tenda
    15.03.05.16
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-52221CRITICAL9.8PL βœ“ten sam produkt

Buffer Overflow w Tenda AC6 – funkcja formSetCfm

CVE-2025-27129CRITICAL9.8PL βœ“ten sam produkt

Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)

CVE-2025-29030CRITICAL9.8PL βœ“ten sam produkt

Buffer overflow w Tenda AC6 β€” funkcja formWifiWpsOOB

CVE-2025-29029CRITICAL9.8PL βœ“ten sam produkt

Buffer overflow w Tenda AC6 β€” funkcja formSetSpeedWan

CVE-2025-25343CRITICAL9.8PL βœ“ten sam produkt

Buffer overflow w Tenda AC6 – funkcja formexeCommand

CVE-2025-29031 β€” Tenda β€” Ac6 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl