CVE-2025-52221
Buffer Overflow in Tenda AC6 formSetCfm Function
Publication date: 2026-04-08
Last updated on: 2026-04-13
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac6_firmware | 15.03.05.16_multi |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Tenda AC6 version 15.03.05.16_multi is a buffer overflow issue occurring in the formSetCfm function. It is triggered via the parameters funcname, funcpara1, and funcpara2.
How can this vulnerability impact me? :
The vulnerability in Tenda AC6 15.03.05.16_multi involves a buffer overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.
This type of vulnerability can potentially allow an attacker to execute arbitrary code, cause a denial of service, or crash the device, leading to disruption of network services or unauthorized control over the device.