Buffer Overflow Vulnerability in Tenda AC6 Network Device
CVE-2025-7914

8.8HIGH

Key Information:

Vendor: Tenda
Status: Tenda AC6
Vendor: CVE Published:; 21 July 2025

What is CVE-2025-7914?

A vulnerability exists in the Tenda AC6 router's setparentcontrolinfo function, which is part of the httpd component. This issue can lead to a buffer overflow, allowing an attacker to manipulate the device remotely. Exploitation of this vulnerability can compromise the security of the network, emphasizing the need for prompt updates and protective measures.

References

https://github.com/gaochen61/IoTVuln/blob/main/Tenda_AC6_...

https://vuldb.com/?ctiid.317029

https://vuldb.com/?id.317029

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025