CRITICAL🇵🇱 Wersja polska

CVE-2025-52221

CVSS 9.8v3.1pub. 2026-04-08upd. 2026-04-13

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.

🤖 AI Analysis
How it works

The vulnerability results from improper validation of input data length (CWE-787 – out-of-bounds write, CWE-120 – classic buffer overflow) in the funcname, funcpara1, and funcpara2 parameters of the formSetCfm function. An attacker can supply specially crafted values of these parameters, causing a buffer overflow in the device's memory. The network vector (AV:N), no privilege requirements (PR:N), and no user interaction required (UI:N) mean that the exploit can be performed remotely, without any authorization.

Impact

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the device, which in practice means full takeover of the router, ability to intercept network traffic, and use of the device as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the fix is implemented, it is recommended to restrict access to the device's administrative interface only to trusted IP addresses and disable remote management over WAN.

Who is affected

Tenda AC6 with firmware version 15.03.05.16_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac6

    HW
    Tenda
    1.0
  • Tenda Ac6 Firmware

    OS
    Tenda
    15.03.05.16_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-27129CRITICAL9.8PL ✓ten sam produkt

Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)

CVE-2025-29031CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja fromAddressNat

CVE-2025-29030CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB

CVE-2025-29029CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formSetSpeedWan

CVE-2025-25343CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 – funkcja formexeCommand