CVE-2025-5855: Stack-based Buffer Overflow in Tenda AC6

Severity: High
Type: Vulnerability
Published: Mon Jun 09 2025 (06/09/2025, 01:31:07 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: AC6

Description

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/09/2025, 02:09:53 UTC

Technical Analysis

CVE-2025-5855 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC6 router firmware version 15.03.05.16. The flaw exists in the function formSetRebootTimer within the /goform/SetRebootTimer endpoint. Specifically, the vulnerability arises from improper handling of the rebootTime argument, which can be manipulated by an attacker to overflow a stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, making it highly dangerous. The CVSS 4.0 base score is 8.7, indicating a high severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N). The vulnerability impacts confidentiality, integrity, and availability at a high level (VC:H, VI:H, VA:H). Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of active exploitation. The vulnerability affects a specific firmware version of the Tenda AC6 router, a consumer-grade networking device commonly used in home and small office environments. The lack of available patches at the time of disclosure further elevates the urgency for mitigation.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on Tenda AC6 routers in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially gaining control over the router. This could lead to interception or manipulation of network traffic, disruption of internet connectivity, and compromise of internal network security. The impact is particularly severe for small and medium enterprises (SMEs) and home offices that may use consumer-grade routers without advanced security controls or monitoring. Additionally, critical infrastructure or organizations with remote workforces using vulnerable devices could face increased exposure. The compromise of routers can serve as a foothold for lateral movement within networks or as a platform for launching further attacks, including data exfiltration or ransomware. Given the router’s role as a network gateway, the confidentiality, integrity, and availability of organizational data and services are at risk.

Mitigation Recommendations

1. Immediate identification of all Tenda AC6 routers running firmware version 15.03.05.16 within the network is essential.
2. Disable remote management features on the router to reduce exposure to external attacks.
3. Restrict access to the /goform/SetRebootTimer endpoint by implementing network-level controls such as firewall rules or access control lists (ACLs) to limit access to trusted IP addresses only.
4. Monitor network traffic for unusual patterns or attempts to exploit the rebootTime parameter.
5. Contact Tenda support or regularly check official channels for firmware updates or patches addressing CVE-2025-5855 and apply them promptly once available.
6. As a temporary measure, consider replacing vulnerable routers with devices from vendors with timely security update practices.
7. Educate IT staff about the vulnerability and ensure incident response plans include steps for router compromise scenarios.
8. Employ network segmentation to isolate vulnerable devices from critical systems to limit potential damage.
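
For recommendation 4, one way to flag suspicious requests, as an added example (not code from the original page or from Tenda): it inspects raw HTTP requests captured at a proxy or sensor and reports a rebootTime value sent to /goform/SetRebootTimer that is longer or stranger than expected. The length limit, the expected character set, the `sample_post` helper and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs
ENDPOINT = "/goform/SetRebootTimer"  # endpoint named in the advisory
PARAM = "rebootTime"                 # argument named in the advisory
MAX_LEN = 16                         # assumption: tune to what your admin UI really sends
EXPECTED = re.compile(r"[0-9:]*")    # assumption: a clock-style value such as 03:30

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means nothing to report."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return []
    target = urlsplit(parts[1])
    if target.path != ENDPOINT:
        return []
    values = []
    # The argument may arrive in the query string or in a form-encoded body.
    for blob in (target.query, body.decode("latin-1")):
        fields = parse_qs(blob, keep_blank_values=True, encoding="latin-1")
        values += fields.get(PARAM, [])
    findings = []
    for value in values:
        if len(value) > MAX_LEN:
            findings.append(f"oversized {PARAM} ({len(value)} bytes)")
        elif not EXPECTED.fullmatch(value):
            findings.append(f"unexpected characters in {PARAM}")
    return findings

def scan(records):
    """records: iterable of (source_ip, raw_request); returns (source_ip, finding) alerts."""
    return [(src, f) for src, raw in records for f in inspect_request(raw)]

def sample_post(path: str, form: str) -> bytes:
    """Build a constructed form POST for the sample data below."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(form)}\r\n\r\n{form}").encode("latin-1")

# Constructed sample traffic (documentation addresses, not real captures).
SAMPLES = [
    ("198.51.100.7", sample_post(ENDPOINT, "rebootTime=03:30")),
    ("198.51.100.9", sample_post(ENDPOINT, "rebootTime=" + "A" * 600)),
    ("198.51.100.9", b"GET /goform/SetRebootTimer?rebootTime=%00%01 HTTP/1.1\r\n\r\n"),
    ("198.51.100.7", sample_post("/index.html", "rebootTime=" + "A" * 600)),
]
if __name__ == "__main__":
    for src, finding in scan(SAMPLES):
        print(f"ALERT {src}: {finding}")
```

An alert from a source outside the management network is also a sign that the access restriction in recommendation 3 is not in effect.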

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-08T09:29:17.337Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68463cc871f4d251b57496db

Added to database: 6/9/2025, 1:45:44 AM

Last enriched: 7/9/2025, 2:09:53 AM

Last updated: 8/8/2025, 3:11:36 PM
