CRITICAL🇵🇱 Wersja polska

CVE-2025-25343

CVSS 9.8v3.1pub. 2025-02-12upd. 2025-03-05

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.

🤖 AI Analysis
How it works

The vulnerability consists of improper validation of input data size in the formexeCommand function in the Tenda AC6 router firmware. An attacker can provide specially crafted data that exceeds the size of the allocated buffer in memory (buffer overflow), which leads to overwriting adjacent memory areas. This type of error (CWE-120) allows taking control over the program execution flow.

Impact

An attacker can gain full control over the device, including confidentiality, integrity, and availability of the system – which corresponds to the highest indicators in the CVSS vector. In practice, this may mean remote code execution (RCE) on the router without the need for authentication.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. If an update is not available, it is recommended to restrict access to the device's administrative panel exclusively to trusted local networks and disable remote management over the Internet.

Who is affected

Tenda AC6 with firmware version V15.03.05.16

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac6

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac6 Firmware

    OS
    Tenda
    15.03.05.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-52221CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC6 – funkcja formSetCfm

CVE-2025-27129CRITICAL9.8PL ✓ten sam produkt

Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)

CVE-2025-29029CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formSetSpeedWan

CVE-2025-29030CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB

CVE-2025-29031CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja fromAddressNat