Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
The vulnerability consists of a buffer overflow (CWE-787 — writing outside buffer boundaries) in the formSetSpeedWan function that handles WAN link speed configuration. An attacker can send a specially crafted network request containing excessively long input data, which causes overwriting of memory areas beyond the intended buffer. The lack of input data length validation allows controlled memory overwriting and potential arbitrary code execution.
An attacker can gain full control over the device by executing arbitrary code (RCE) with the privilege level of the process handling the request. This can lead to complete compromise of confidentiality, integrity, and availability of the router and the network behind it.
Patches available from the manufacturer should be applied in accordance with the references. In case no update is available, it is recommended to restrict access to the router's administrative interface only to trusted hosts and block access from external network (WAN) to the management panel.
Tenda AC6 with firmware version v15.03.05.16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac6
HWTendawszystkie wersjeTenda Ac6 Firmware
OSTenda15.03.05.16
Related vulnerabilities
Buffer Overflow w Tenda AC6 – funkcja formSetCfm
Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)
Buffer overflow w Tenda AC6 — funkcja fromAddressNat
Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB
Buffer overflow w Tenda AC6 – funkcja formexeCommand