Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
The vulnerability consists of a buffer overflow in the fromAddressNat function of the Tenda AC6 router software. An attacker can provide specially crafted input data that exceeds the intended buffer size in memory, causing overwriting of adjacent memory areas. Due to the network vector (AV:N) and lack of required privileges (PR:N, UI:N), the attack can be carried out remotely without any user interaction.
An attacker can gain full control over the device, including the ability to read and modify data and cause service unavailability (complete breach of confidentiality, integrity, and availability).
Patches available from the manufacturer should be applied according to references. If an update is not available, it is recommended to restrict access to the device management panel exclusively to trusted networks and disable remote management over the internet.
Tenda AC6 firmware version v15.03.05.16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac6
HWTendawszystkie wersjeTenda Ac6 Firmware
OSTenda15.03.05.16
Related vulnerabilities
Buffer Overflow w Tenda AC6 – funkcja formSetCfm
Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)
Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB
Buffer overflow w Tenda AC6 — funkcja formSetSpeedWan
Buffer overflow w Tenda AC6 – funkcja formexeCommand