CVE-2025-15255
Stack-Based Buffer Overflow in Tenda W6-S R7websSsecurityHandler
Publication date: 2025-12-30
Last updated on: 2026-02-24
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w6-s | 1.0.0.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring HTTP requests to the Tenda W6-S router for suspicious or unusually long Cookie headers that may trigger the stack-based buffer overflow. Since the vulnerability is triggered by manipulation of the Cookie argument in HTTP requests, network intrusion detection systems (NIDS) or packet capture tools can be used to inspect HTTP traffic for malformed or suspicious Cookie headers. Specific commands are not provided in the resources, but using tools like tcpdump or Wireshark to capture HTTP traffic and filtering for Cookie headers could help detect attempts. For example, a tcpdump command to capture HTTP traffic might be: tcpdump -i <interface> -A 'tcp port 80' | grep Cookie. However, no explicit detection commands or signatures are provided in the resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda W6-S router running firmware version 1.0.0.4(510) with an alternative device, as no known countermeasures or patches are currently available. Since the vulnerability is exploitable remotely without authentication and no mitigations have been identified, discontinuing use of the vulnerable product is recommended. Additionally, restricting network access to the device, such as limiting HTTP access to trusted networks or disabling remote management, may reduce exposure until replacement is possible. [2]
Can you explain this vulnerability to me?
This vulnerability exists in the Tenda W6-S device, specifically in the /bin/httpd file's R7websSsecurityHandler component. It involves a stack-based buffer overflow triggered by manipulating the Cookie argument. This flaw can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to severe impacts including remote code execution, complete compromise of the affected device, denial of service, and unauthorized control over the system. This can result in loss of data integrity, confidentiality, and availability.