CVE-2025-46035

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.05.16

Description A Buffer Overflow issue allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the "/goform/openSchedWifi" endpoint. This issue is related to a "Classic Buffer Overflow" due to buffer copy without checking the size of the input.

Recommendations For Tenda AC6 version 15.03.05.16, as a temporary workaround, consider restricting access to the "/goform/openSchedWifi" endpoint until a patch is available. Avoid using the schedStartTime and schedEndTime parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.