CVE-2025-60339

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.06.50

Description Multiple buffer overflow vulnerabilities exist in the openSchedWifi function of the Tenda AC6 router. These flaws allow attackers to cause a Denial of Service (DoS) by injecting a crafted payload into the schedStartTime and schedEndTime parameters. The vulnerability involves writing data beyond the allocated buffer in memory. Exploitation can be achieved remotely by sending a specially crafted HTTP request.

Recommendations Update to a newer version of the Tenda AC6 router that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.