CVE-2025-60339 is a security vulnerability identified in the openSchedWifi function of the Tenda AC6 router firmware version 15.03.06.50. The vulnerability arises from multiple buffer overflow conditions triggered by specially crafted inputs to the schedStartTime and schedEndTime parameters. Buffer overflows occur when data exceeds the allocated buffer size, potentially overwriting adjacent memory and causing unpredictable behavior. In this case, the overflow leads to a denial of service (DoS) by crashing or destabilizing the router's scheduling functionality. The openSchedWifi function is likely responsible for managing Wi-Fi scheduling features, such as enabling or disabling wireless access at specified times. An attacker can exploit this vulnerability remotely by injecting malicious payloads into these parameters, causing the device to become unresponsive or reboot. Although no exploits have been reported in the wild, the vulnerability is publicly disclosed and could be targeted by attackers seeking to disrupt network availability. No CVSS score has been assigned yet, and no patches have been released at the time of publication. The vulnerability does not require authentication, increasing its risk profile, but successful exploitation requires the attacker to reach the router’s management interface or the service handling these parameters, which may be exposed on local or remote networks depending on configuration.

For European organizations, the primary impact of CVE-2025-60339 is the potential for denial of service on networks relying on Tenda AC6 routers. Disruption of Wi-Fi scheduling can lead to loss of connectivity for users, impacting business operations, especially in environments dependent on continuous network availability such as offices, retail locations, and public access points. The vulnerability could be exploited to cause repeated outages, leading to productivity loss and increased support costs. In critical infrastructure or industrial environments where network reliability is paramount, such disruptions could have cascading effects. Additionally, if exploited in a coordinated manner, it could be used as part of a broader attack to degrade network services. Since Tenda routers are widely used in small and medium enterprises and home offices across Europe, the scope of affected systems is significant. The lack of authentication requirement for exploitation increases the risk, particularly if router management interfaces are exposed to untrusted networks. However, the absence of known exploits and patches currently limits immediate impact.

European organizations should immediately assess their network environments to identify the presence of Tenda AC6 routers running vulnerable firmware versions. Network administrators should restrict access to router management interfaces by implementing strong firewall rules, disabling remote management if not required, and using VPNs for remote access. Monitoring network traffic for unusual requests targeting schedStartTime and schedEndTime parameters can help detect exploitation attempts. Organizations should engage with Tenda for firmware updates and apply patches as soon as they become available. In the interim, consider disabling Wi-Fi scheduling features if feasible to reduce the attack surface. Network segmentation can limit the impact of a compromised device by isolating critical systems from vulnerable routers. Regular backups of router configurations and readiness to perform device resets can aid in recovery from DoS conditions. User education on securing home and office routers is also recommended to reduce exposure.