CRITICAL🇵🇱 Wersja polska

CVE-2025-29029

CVSS 9.8v3.1pub. 2025-03-14upd. 2025-03-18

Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.

🤖 AI Analysis
How it works

The vulnerability consists of a buffer overflow (CWE-787 — writing outside buffer boundaries) in the formSetSpeedWan function that handles WAN link speed configuration. An attacker can send a specially crafted network request containing excessively long input data, which causes overwriting of memory areas beyond the intended buffer. The lack of input data length validation allows controlled memory overwriting and potential arbitrary code execution.

Impact

An attacker can gain full control over the device by executing arbitrary code (RCE) with the privilege level of the process handling the request. This can lead to complete compromise of confidentiality, integrity, and availability of the router and the network behind it.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. In case no update is available, it is recommended to restrict access to the router's administrative interface only to trusted hosts and block access from external network (WAN) to the management panel.

Who is affected

Tenda AC6 with firmware version v15.03.05.16

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac6

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac6 Firmware

    OS
    Tenda
    15.03.05.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-52221CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC6 – funkcja formSetCfm

CVE-2025-27129CRITICAL9.8PL ✓ten sam produkt

Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)

CVE-2025-29031CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja fromAddressNat

CVE-2025-29030CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB

CVE-2025-25343CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 – funkcja formexeCommand