Buffer Overflow Vulnerability in Tenda W6_S Designed by Tenda
CVE-2025-28221

Currently unrated

Key Information:

Vendor: Tenda
Status: Tenda W6_S
Vendor: CVE Published:; 28 March 2025

Summary

The Tenda W6_S v1.0.0.4_510 contains a buffer overflow vulnerability in its set_local_time function. This flaw allows remote attackers to exploit the parameter 'time' sent through a POST request, potentially causing the web server to crash. This vulnerability poses a significant risk by enabling unauthorized users to disrupt the availability of the device and could lead to service interruptions.

References

https://github.com/IdaJea/IOT_vuln_1/blob/master/w6_s_v1....

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 11, 2025