PT-2025-13524 · Tenda · Tenda W6
Published 2025-03-28 · Updated 2025-03-29
CVE-2025-28220
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Tenda W6 S version 1.0.0.4 510
Description
The issue is a buffer overflow in the setcfm function. It allows remote attackers to crash the web server by passing a malicious funcpara1 parameter in a POST request to the binary.
Recommendations
For Tenda W6 S version 1.0.0.4 510, consider disabling the setcfm function until a patch is available to prevent exploitation via the funcpara1 parameter. Restrict access to the vulnerable binary to minimize the risk of a web server crash. Avoid using the funcpara1 parameter in the affected POST request endpoint until the issue is resolved.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Tenda W6