Buffer Overflow Vulnerability in Tenda AC6 Router Product by Tenda
CVE-2025-50260

7.5HIGH

Key Information:

Vendor: Tenda
Status: Tenda AC6
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-50260?

The Tenda AC6 router, specifically version 15.03.05.16_multi, exhibits a buffer overflow vulnerability in the formSetFirewallCfg function. This flaw arises from improper handling of the firewallEn parameter, which could allow attackers to exploit the router's configuration. Exploiting this vulnerability could potentially lead to unauthorized access or disruption of network services, raising serious concerns for users relying on this device for secure internet connectivity.

References

https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Jun 16, 2025