CVE-2025-60337

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.06.50

Description The SetSpeedWan() function in Tenda AC6 firmware contains a buffer overflow issue related to writing data beyond the allocated buffer in memory. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (DoS) by sending a specially crafted HTTP request. The vulnerability resides in the speed dir parameter of the SetSpeedWan() function.

Recommendations Update Tenda AC6 version 15.03.06.50 to a newer version that contains a fix for this vulnerability.

Exploit

Fix

DoS

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-120

Related Identifiers

BDU:2025-13543

CVE-2025-60337

Affected Products

Tenda Ac6 V2.0

CVE-2025-60337

Weakness Enumeration

Related Identifiers

Affected Products

References · 9