CVE-2025-6887: Stack-based Buffer Overflow in Tenda AC5
A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-6887 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC5 router, specifically in firmware version 15.03.06.47. The vulnerability arises from improper handling of input parameters 'time' and 'timeZone' in the /goform/SetSysTimeCfg endpoint. This endpoint is likely part of the router's web management interface, which accepts configuration parameters remotely. By manipulating these arguments, an attacker can trigger a stack-based buffer overflow, potentially allowing arbitrary code execution or causing a denial of service. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The CVSS v4.0 score is 8.7 (high severity), reflecting the ease of exploitation (network attack vector, low attack complexity) and the significant impact on confidentiality, integrity, and availability (all rated high). Although no known exploits are currently reported in the wild, the public disclosure of the exploit code increases the likelihood of active exploitation. The vulnerability affects only the specified firmware version, and no official patches or mitigation guidance have been published yet. Given the nature of the flaw, successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, or pivot into internal networks.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial. Tenda AC5 routers are commonly used in small to medium enterprises and residential environments across Europe due to their cost-effectiveness and feature set. Compromise of these devices could lead to unauthorized access to internal networks, interception of sensitive data, disruption of network services, and potential lateral movement to more critical infrastructure. This is particularly concerning for organizations with remote or hybrid work setups relying on these routers for secure connectivity. The lack of authentication requirement and remote exploitability means attackers can target vulnerable devices over the internet, increasing the attack surface. Additionally, critical sectors such as finance, healthcare, and government agencies using these routers could face data breaches or service outages, impacting operational continuity and regulatory compliance under GDPR and other frameworks.
Mitigation Recommendations
Immediate mitigation steps should include isolating affected Tenda AC5 devices from untrusted networks and disabling remote management interfaces if not essential. Network administrators should implement strict firewall rules to restrict access to the router's management ports to trusted IP addresses only. Monitoring network traffic for unusual activity targeting the /goform/SetSysTimeCfg endpoint can help detect exploitation attempts. Since no official patch is currently available, organizations should consider upgrading to newer firmware versions once released or replacing vulnerable devices with models from vendors with robust security update policies. Employing network segmentation to limit the impact of compromised routers and using intrusion detection/prevention systems to identify exploitation attempts are recommended. Regularly auditing device configurations and applying security best practices for IoT and network devices will reduce exposure. Finally, organizations should stay informed about updates from Tenda and security advisories to apply patches promptly.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
CVE-2025-6887: Stack-based Buffer Overflow in Tenda AC5
Description
A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-6887 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC5 router, specifically in firmware version 15.03.06.47. The vulnerability arises from improper handling of input parameters 'time' and 'timeZone' in the /goform/SetSysTimeCfg endpoint. This endpoint is likely part of the router's web management interface, which accepts configuration parameters remotely. By manipulating these arguments, an attacker can trigger a stack-based buffer overflow, potentially allowing arbitrary code execution or causing a denial of service. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The CVSS v4.0 score is 8.7 (high severity), reflecting the ease of exploitation (network attack vector, low attack complexity) and the significant impact on confidentiality, integrity, and availability (all rated high). Although no known exploits are currently reported in the wild, the public disclosure of the exploit code increases the likelihood of active exploitation. The vulnerability affects only the specified firmware version, and no official patches or mitigation guidance have been published yet. Given the nature of the flaw, successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, or pivot into internal networks.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial. Tenda AC5 routers are commonly used in small to medium enterprises and residential environments across Europe due to their cost-effectiveness and feature set. Compromise of these devices could lead to unauthorized access to internal networks, interception of sensitive data, disruption of network services, and potential lateral movement to more critical infrastructure. This is particularly concerning for organizations with remote or hybrid work setups relying on these routers for secure connectivity. The lack of authentication requirement and remote exploitability means attackers can target vulnerable devices over the internet, increasing the attack surface. Additionally, critical sectors such as finance, healthcare, and government agencies using these routers could face data breaches or service outages, impacting operational continuity and regulatory compliance under GDPR and other frameworks.
Mitigation Recommendations
Immediate mitigation steps should include isolating affected Tenda AC5 devices from untrusted networks and disabling remote management interfaces if not essential. Network administrators should implement strict firewall rules to restrict access to the router's management ports to trusted IP addresses only. Monitoring network traffic for unusual activity targeting the /goform/SetSysTimeCfg endpoint can help detect exploitation attempts. Since no official patch is currently available, organizations should consider upgrading to newer firmware versions once released or replacing vulnerable devices with models from vendors with robust security update policies. Employing network segmentation to limit the impact of compromised routers and using intrusion detection/prevention systems to identify exploitation attempts are recommended. Regularly auditing device configurations and applying security best practices for IoT and network devices will reduce exposure. Finally, organizations should stay informed about updates from Tenda and security advisories to apply patches promptly.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-06-28T14:58:40.648Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 686214fb6f40f0eb72888056
Added to database: 6/30/2025, 4:39:23 AM
Last enriched: 6/30/2025, 4:54:28 AM
Last updated: 7/10/2025, 6:10:33 PM
Views: 33
Related Threats
CVE-2025-53891: CWE-434: Unrestricted Upload of File with Dangerous Type in TimeLineOfficial Time-Line-
MediumCVE-2025-53835: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xwiki xwiki-rendering
CriticalCVE-2025-53833: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in saleem-hadad larecipe
CriticalCVE-2025-53823: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA
CriticalCVE-2025-53822: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.