CVE-2025-6886: Stack-based Buffer Overflow in Tenda AC5
A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-6886 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC5 router firmware version 15.03.06.47. The vulnerability arises from improper handling of input parameters, specifically schedStartTime and schedEndTime, within the /goform/openSchedWifi endpoint. This endpoint appears to be related to scheduling Wi-Fi access, and the flawed input validation allows an attacker to overflow the stack buffer by manipulating these parameters. The overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. Notably, the vulnerability can be exploited remotely without requiring user interaction or prior authentication, increasing its risk profile. The CVSS 4.0 score of 8.7 reflects high severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could potentially execute arbitrary code, disrupt network connectivity, or gain unauthorized access to network traffic. Although no public exploits are currently observed in the wild, the disclosure of the exploit code increases the likelihood of exploitation attempts. The lack of an official patch at the time of publication further elevates the risk for affected users. Given that Tenda AC5 is a consumer and small office/home office (SOHO) router, the vulnerability poses a significant threat to network security, especially in environments relying on this device for internet access and internal network segmentation.
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home offices using Tenda AC5 routers, this vulnerability can lead to severe consequences. Successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, and potentially pivot to internal networks, compromising sensitive data and disrupting business operations. The remote and unauthenticated nature of the exploit means attackers can target these devices en masse, potentially leading to widespread outages or use of compromised routers in botnets for further attacks. This is particularly concerning for organizations with remote workers relying on these routers for secure connectivity. Additionally, the compromise of network infrastructure devices like routers can undermine trust in organizational cybersecurity measures and lead to regulatory compliance issues under GDPR if personal data is exposed or intercepted.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement immediate compensating controls. These include isolating Tenda AC5 devices from direct exposure to the internet by placing them behind firewalls or NAT devices that restrict access to the /goform/openSchedWifi endpoint. Network administrators should disable remote management features on these routers if enabled. Monitoring network traffic for unusual requests targeting the vulnerable endpoint can help detect exploitation attempts early. Organizations should also consider replacing affected Tenda AC5 routers with models from vendors with timely security update practices. Applying strict network segmentation to limit the impact of a compromised router and enforcing strong network access controls will reduce risk. Finally, staying informed about vendor updates and applying patches promptly once available is critical.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2025-6886: Stack-based Buffer Overflow in Tenda AC5
Description
A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-6886 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC5 router firmware version 15.03.06.47. The vulnerability arises from improper handling of input parameters, specifically schedStartTime and schedEndTime, within the /goform/openSchedWifi endpoint. This endpoint appears to be related to scheduling Wi-Fi access, and the flawed input validation allows an attacker to overflow the stack buffer by manipulating these parameters. The overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. Notably, the vulnerability can be exploited remotely without requiring user interaction or prior authentication, increasing its risk profile. The CVSS 4.0 score of 8.7 reflects high severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could potentially execute arbitrary code, disrupt network connectivity, or gain unauthorized access to network traffic. Although no public exploits are currently observed in the wild, the disclosure of the exploit code increases the likelihood of exploitation attempts. The lack of an official patch at the time of publication further elevates the risk for affected users. Given that Tenda AC5 is a consumer and small office/home office (SOHO) router, the vulnerability poses a significant threat to network security, especially in environments relying on this device for internet access and internal network segmentation.
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home offices using Tenda AC5 routers, this vulnerability can lead to severe consequences. Successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, and potentially pivot to internal networks, compromising sensitive data and disrupting business operations. The remote and unauthenticated nature of the exploit means attackers can target these devices en masse, potentially leading to widespread outages or use of compromised routers in botnets for further attacks. This is particularly concerning for organizations with remote workers relying on these routers for secure connectivity. Additionally, the compromise of network infrastructure devices like routers can undermine trust in organizational cybersecurity measures and lead to regulatory compliance issues under GDPR if personal data is exposed or intercepted.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement immediate compensating controls. These include isolating Tenda AC5 devices from direct exposure to the internet by placing them behind firewalls or NAT devices that restrict access to the /goform/openSchedWifi endpoint. Network administrators should disable remote management features on these routers if enabled. Monitoring network traffic for unusual requests targeting the vulnerable endpoint can help detect exploitation attempts early. Organizations should also consider replacing affected Tenda AC5 routers with models from vendors with timely security update practices. Applying strict network segmentation to limit the impact of a compromised router and enforcing strong network access controls will reduce risk. Finally, staying informed about vendor updates and applying patches promptly once available is critical.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-06-28T14:58:38.446Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 686211776f40f0eb728878e6
Added to database: 6/30/2025, 4:24:23 AM
Last enriched: 6/30/2025, 4:39:30 AM
Last updated: 7/5/2025, 9:40:32 AM
Views: 29
Related Threats
CVE-2025-7082: OS Command Injection in Belkin F9K1122
MediumCVE-2025-7081: OS Command Injection in Belkin F9K1122
MediumCVE-2025-7080: Use of Hard-coded Password in Done-0 Jank
MediumCVE-2025-7079: Use of Hard-coded Password in mao888 bluebell-plus
MediumCVE-2025-7078: Cross-Site Request Forgery in 07FLYCMS
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.