CVE-2025-57528

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.7HIGH

EPSS

0.1%

top 75.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC6 Firmware

Timeline

PublishedSep 19

Description

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:LExploitability: 2.2 | Impact: 5.5

Affected Packages1 packages

▶NVDtenda/ac6_firmware15.03.05.16

🔴Vulnerability Details

GHSA

GHSA-7hfx-hmgj-p66f: An issue was discovered in Tenda AC6 US_AC6V1↗2025-09-19

▶

CVEList

CVE-2025-57528: An issue was discovered in Tenda AC6 US_AC6V1↗2025-09-19

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Tenda setcfm Multiple Parameters Buffer Overflow Attempt (CVE-2025-4298, CVE-2025-57528)↗2025-08-22

▶