CVE-2025-60340 is a security vulnerability identified in the Tenda AC6 router firmware version 15.03.06.50. The flaw resides in the SetClientState function, where multiple buffer overflow conditions occur due to improper handling of input parameters: limitSpeed, deviceId, and limitSpeedUp. Buffer overflow vulnerabilities arise when input data exceeds the allocated buffer size, potentially overwriting adjacent memory and causing unpredictable behavior. In this case, attackers can craft malicious payloads targeting these parameters to trigger a Denial of Service (DoS) by crashing or destabilizing the router's firmware. The vulnerability does not require authentication or user interaction, meaning it can be exploited remotely by sending specially crafted requests to the router's management interface or exposed services. No CVSS score has been assigned yet, and no patches or known exploits have been reported at the time of publication. The absence of patches indicates that affected devices remain vulnerable until firmware updates are released by the vendor. The vulnerability specifically impacts the Tenda AC6 model running the specified firmware version, which is commonly used in home and small office environments. Exploitation could disrupt network connectivity, degrade service availability, and potentially serve as a vector for further attacks if combined with other vulnerabilities.

For European organizations, the primary impact of CVE-2025-60340 is the potential for Denial of Service attacks against network infrastructure relying on Tenda AC6 routers. Disruption of internet access or internal network communications can affect business operations, especially for small and medium enterprises or branch offices using these devices. Critical sectors such as healthcare, finance, and manufacturing could experience operational downtime, leading to financial losses and reputational damage. Additionally, the vulnerability could be leveraged by threat actors to create network instability or as part of larger coordinated attacks targeting network availability. Since the vulnerability does not require authentication, attackers can exploit it remotely, increasing the risk of widespread impact if devices are exposed to the internet or poorly segmented networks. The lack of current exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability becomes publicly known.

To mitigate CVE-2025-60340, European organizations should first identify and inventory all Tenda AC6 routers within their networks. Immediate steps include restricting access to router management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. Disable remote management features if not required, or secure them with strong authentication and encryption. Monitor network traffic for unusual patterns or repeated malformed requests targeting the affected parameters. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting buffer overflow attempts or anomalous payloads. Engage with Tenda support channels to obtain firmware updates or advisories and apply patches promptly once available. As a longer-term strategy, consider replacing vulnerable devices with models that have a stronger security track record and ongoing vendor support. Conduct regular security assessments and penetration testing to identify similar vulnerabilities in network infrastructure devices.