CVE-2025-46035 is a high-severity buffer overflow vulnerability affecting the Tenda AC6 router firmware version 15.03.05.16. The vulnerability arises from improper handling of the schedStartTime and schedEndTime parameters in HTTP GET requests sent to the /goform/openSchedWifi endpoint. Specifically, an attacker can send an unauthenticated HTTP GET request with oversized values for these parameters, causing a buffer overflow condition. This flaw is classified under CWE-120, which pertains to classic buffer overflow issues where input data exceeds the allocated buffer size, leading to memory corruption. Exploitation does not require any authentication or user interaction, and the attack vector is network-based (AV:N), meaning the attacker can exploit the vulnerability remotely over the network. The vulnerability impacts confidentiality with a high rating, but does not affect integrity or availability directly according to the CVSS vector. However, the description mentions the potential for denial of service (DoS), indicating that the buffer overflow can crash or destabilize the device, leading to service disruption. No known exploits are currently reported in the wild, and no patches or updates have been linked yet. The vulnerability was published on June 12, 2025, with a CVSS v3.1 base score of 7.5, reflecting a high severity level. The lack of authentication and user interaction requirements combined with remote network access makes this vulnerability particularly dangerous for exposed devices. Given that Tenda AC6 is a consumer-grade Wi-Fi router commonly used in home and small office environments, exploitation could lead to network outages and potential exposure of network traffic if the device is compromised further. The vulnerability is limited to a specific firmware version, but the absence of detailed affected versions beyond 15.03.05.16 suggests that other versions may not be impacted or have not been assessed yet.

For European organizations, the primary impact of CVE-2025-46035 is the potential for denial of service on networks relying on Tenda AC6 routers, which could disrupt internet connectivity and internal communications. This is particularly critical for small and medium enterprises (SMEs) and home office setups that may use consumer-grade routers without advanced security controls. The vulnerability could be exploited by remote attackers to cause network outages without requiring authentication, increasing the risk of widespread disruption. While the direct impact on confidentiality is rated high in the CVSS vector, the description focuses on DoS, so the immediate risk is service unavailability. However, successful exploitation might also serve as a foothold for further attacks if combined with other vulnerabilities or misconfigurations. European organizations with remote or hybrid workforces that depend on stable home network equipment could face operational challenges. Additionally, sectors with critical infrastructure or sensitive data that use Tenda AC6 devices in branch offices or remote sites may experience increased risk of network instability. The lack of known exploits in the wild currently reduces immediate threat levels but does not eliminate the risk, especially as exploit code could be developed given the public disclosure. The impact is also amplified in environments where network redundancy is limited or where rapid incident response is constrained.

1. Immediate Network Segmentation: Isolate Tenda AC6 routers from critical network segments to limit potential impact of exploitation. 2. Access Control: Restrict inbound access to router management interfaces, especially the /goform/openSchedWifi endpoint, using firewall rules or network ACLs to block unauthorized external traffic. 3. Firmware Updates: Monitor Tenda’s official channels for firmware patches addressing this vulnerability and apply updates promptly once available. 4. Device Replacement: For high-risk environments, consider replacing Tenda AC6 routers with devices from vendors with robust security update practices until a patch is released. 5. Intrusion Detection: Deploy network intrusion detection systems (NIDS) with signatures or anomaly detection tuned to identify oversized HTTP GET requests targeting the vulnerable endpoint. 6. Vendor Engagement: Engage with Tenda support to obtain detailed information on affected versions and patch timelines. 7. Incident Response Preparedness: Prepare incident response plans for potential DoS events affecting network connectivity, including fallback communication methods. 8. User Awareness: Educate users about the risks of using consumer-grade routers in professional environments and encourage secure configuration practices. These mitigations go beyond generic advice by focusing on network-level controls, proactive monitoring, and organizational preparedness tailored to the specific nature of this vulnerability.