CVE-2025-60339 identifies multiple buffer overflow vulnerabilities in the openSchedWifi function of the Tenda AC6 router firmware version 15.03.06.50. The vulnerability arises from improper handling of the schedStartTime and schedEndTime parameters, which accept user-supplied input without adequate bounds checking. An attacker can craft malicious payloads targeting these parameters to overflow internal buffers, leading to memory corruption. This corruption can cause the router to crash or reboot, resulting in a denial of service (DoS) condition that disrupts network availability. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, increasing the attack surface. The CVSS 3.1 base score of 7.5 reflects the high severity due to the ease of exploitation (network vector, low complexity), no privileges or user interaction needed, and the impact limited to availability (no confidentiality or integrity loss). Although no public exploits are currently known, the presence of such a vulnerability in widely deployed consumer and small business routers poses a significant risk. The CWE-120 classification confirms this is a classic buffer overflow issue, which may also open avenues for further exploitation if combined with other vulnerabilities. The lack of available patches at the time of publication necessitates immediate mitigation through network controls and monitoring.

For European organizations, this vulnerability can cause significant network disruptions by rendering Tenda AC6 routers inoperative through denial of service attacks. This can affect business continuity, especially for small and medium enterprises relying on these routers for internet connectivity and internal network access. The loss of router availability may lead to downtime, impacting productivity and potentially causing financial losses. In critical infrastructure or service provider environments where Tenda devices are deployed, the impact could extend to broader service outages. Since the vulnerability does not compromise confidentiality or integrity, data breaches are unlikely; however, the availability impact alone can be severe. The ease of remote exploitation without authentication means attackers can launch attacks from anywhere, increasing the risk of widespread disruption. European organizations with limited IT security resources may find it challenging to detect and respond to such attacks promptly. Additionally, the potential for attackers to use this vulnerability as a stepping stone for further attacks on network infrastructure cannot be discounted.

1. Monitor Tenda’s official channels for firmware updates addressing CVE-2025-60339 and apply patches immediately upon release. 2. Restrict access to router management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. 3. Disable remote management features on Tenda AC6 routers unless absolutely necessary, reducing exposure to external attackers. 4. Employ intrusion detection/prevention systems (IDS/IPS) to monitor for anomalous traffic patterns targeting schedStartTime and schedEndTime parameters or unusual router behavior indicative of exploitation attempts. 5. Conduct regular network audits to identify Tenda AC6 devices and assess their firmware versions to prioritize patching. 6. Educate network administrators on recognizing signs of router instability or DoS conditions potentially caused by exploitation of this vulnerability. 7. Consider deploying network redundancy and failover mechanisms to maintain connectivity in case of router failure. 8. For organizations using Tenda AC6 routers in critical roles, evaluate alternative hardware with better security track records to reduce future risk.