
CVE-2025-60340: n/a

Severity: High
Type: Vulnerability
Published: Wed Oct 22 2025 (10/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allow attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.

AI-Powered Analysis

Last updated: 10/29/2025, 17:42:39 UTC

Technical Analysis

CVE-2025-60340 is a buffer overflow vulnerability identified in the SetClientState function of Tenda AC6 routers running firmware version 15.03.06.50. The vulnerability arises from improper handling of input parameters—specifically limitSpeed, deviceId, and limitSpeedUp—allowing attackers to inject crafted payloads that overflow internal buffers. This leads to a denial of service (DoS) condition by crashing or destabilizing the router's firmware, thereby disrupting network connectivity. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, increasing its risk profile. The underlying weakness is classified under CWE-120 (Classic Buffer Overflow), which is a common and critical software flaw. Although no exploits have been observed in the wild, the ease of exploitation and the potential impact on network availability make this a significant threat. The CVSS v3.1 base score of 7.5 reflects a high severity, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impact limited to availability (A:H) without affecting confidentiality or integrity. No patches have been published yet, so affected users must rely on interim mitigations.

Potential Impact

For European organizations, the primary impact is the potential disruption of network services due to router crashes caused by the buffer overflow. This can lead to downtime affecting business operations, especially for organizations relying on Tenda AC6 routers for critical connectivity. While confidentiality and integrity are not directly impacted, the loss of availability can hinder communication, remote work, and access to cloud services. Sectors such as small and medium enterprises, educational institutions, and home office environments that commonly deploy consumer-grade routers like Tenda AC6 are particularly vulnerable. Additionally, any critical infrastructure or service providers using these devices could face operational interruptions. The lack of authentication requirement and ease of exploitation increase the risk of automated attacks targeting exposed routers, potentially leading to widespread denial of service incidents.

Mitigation Recommendations

1. Immediately restrict remote management access to Tenda AC6 routers by disabling WAN-side administration or limiting it to trusted IP addresses.
2. Implement network segmentation to isolate vulnerable routers from critical systems and sensitive data.
3. Monitor network traffic for unusual or malformed packets targeting the limitSpeed, deviceId, and limitSpeedUp parameters to detect potential exploitation attempts.
4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to identify buffer overflow attack patterns against Tenda routers.
5. Regularly check for firmware updates from Tenda and apply patches promptly once available.
6. Consider replacing vulnerable devices with models from vendors with stronger security track records if patches are delayed.
7. Educate network administrators about the vulnerability and ensure secure configuration practices are followed to minimize exposure.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68f915e12887d40ca3b4b713

Added to database: 10/22/2025, 5:35:29 PM

Last enriched: 10/29/2025, 5:42:39 PM

Last updated: 12/7/2025, 2:31:02 PM
