Tenda Ac6 Firmware vulnerabilities

CVE-2025-30256 [HIGH] CWE-772 CVE-2025-30256: A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability.

CVE-2025-55503 [HIGH] CWE-121 CVE-2025-55503: Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.

CVE-2025-55482 [HIGH] CWE-121 CVE-2025-55482: Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

CVE-2025-55498 [HIGH] CWE-121 CVE-2025-55498: Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in t Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

CVE-2025-55499 [MEDIUM] CWE-120 CVE-2025-55499: Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function.

CVE-2025-7914 [HIGH] CWE-119 CVE-2025-7914: A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.

CVE-2025-50263 [HIGH] CWE-120 CVE-2025-50263: Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

CVE-2025-50258 [HIGH] CWE-120 CVE-2025-50258: Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.

CVE-2025-50262 [HIGH] CWE-120 CVE-2025-50262: Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

CVE-2025-50260 [HIGH] CWE-121 CVE-2025-50260: Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

CVE-2025-50641 [MEDIUM] CWE-120 CVE-2025-50641: Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via th Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

CVE-2025-50528 [HIGH] CWE-121 CVE-2025-50528: A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05 A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

CVE-2025-46035 [HIGH] CWE-120 CVE-2025-46035: Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint

CVE-2025-5854 [HIGH] CWE-119 CVE-2025-5854: A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5855 [HIGH] CWE-119 CVE-2025-5855: A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be us

CVE-2025-5853 [HIGH] CWE-119 CVE-2025-5853: A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerab A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be us

CVE-2025-5852 [HIGH] CWE-119 CVE-2025-5852: A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the func A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-44172 [MEDIUM] CWE-121 CVE-2025-44172: Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setS Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

CVE-2025-29121 [HIGH] CWE-121 CVE-2025-29121: A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow.

CVE-2025-29029 [CRITICAL] CWE-787 CVE-2025-29029: Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.