Denial of Service Vulnerability in Tenda AC6 Router
CVE-2025-30256

8.6HIGH

Key Information:

Vendor: Tenda
Status: Ac6 V5.0
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-30256?

A denial of service vulnerability is present in the HTTP Header Parsing component of the Tenda AC6 router. When exploited, this flaw permits an adversary to disrupt the operation of the device through a series of specially constructed HTTP requests, which can lead to the router rebooting. Attackers can leverage this vulnerability by sending multiple crafted network packets, effectively causing an outage for users reliant on the affected device.

Affected Version(s)

AC6 V5.0 V02.03.01.110

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

Discovered by Lilith >_> of Cisco Talos.

JSON