CVE-2025-5854
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-06-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac6_firmware | 15.03.05.16 |
| tenda | ac6 | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5854 is a critical buffer overflow vulnerability in the Tenda AC6 router firmware version 15.03.05.16. It occurs in the function fromadvsetlanip when processing the lanMask parameter at the /goform/AdvSetLanip endpoint. The vulnerability arises because the input size of lanMask is not properly checked before being copied to an output buffer, leading to a buffer overflow. This flaw can be exploited remotely by sending specially crafted requests, potentially allowing an attacker to execute arbitrary code or cause a denial of service on the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected Tenda AC6 router. An attacker can remotely exploit the buffer overflow to execute arbitrary code, which may allow them to take control of the device, disrupt its normal operation causing denial of service, or manipulate network traffic. Since the exploit is publicly available and easy to use, the risk of attack is significant. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious or crafted HTTP requests sent to the endpoint /goform/AdvSetLanip with the lanMask parameter. Since the exploit involves sending a specially crafted lanMask argument to trigger a buffer overflow, detection can involve inspecting HTTP POST requests to this endpoint for unusually large or malformed lanMask values. Specific commands could include using network packet capture tools like tcpdump or Wireshark to filter traffic to the router's IP on port 80 or 443, for example: tcpdump -i <interface> 'host <router_ip> and (tcp port 80 or tcp port 443)' and then analyzing for POST requests to /goform/AdvSetLanip. Additionally, using curl or similar tools to test the endpoint with crafted lanMask values can help verify vulnerability presence. However, no specific detection commands or signatures are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
There are no known countermeasures or mitigations available for this vulnerability as per the provided resources. The recommended immediate step is to replace the affected Tenda AC6 router (firmware version 15.03.05.16) with an alternative device that is not vulnerable. Until a patch or update is released, limiting network exposure of the device and monitoring for exploit attempts may help reduce risk, but no direct fixes exist. [2]