Sign-up

ID

VAR-202506-0081


CVE

CVE-2025-44172


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006175

DESCRIPTION

Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. The vulnerability is caused by the parameter time in the setSmartPowerManagement function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-44172 // JVNDB: JVNDB-2025-006175 // CNVD: CNVD-2025-12679

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12679

AFFECTED PRODUCTS

vendor:tendamodel:ac6scope:eqversion:15.03.05.16

Trust: 1.6

vendor:tendamodel:ac6scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac6scope: - version: -

Trust: 0.8

vendor:tendamodel:ac6scope:eqversion:ac6 firmware 15.03.05.16

Trust: 0.8

sources: CNVD: CNVD-2025-12679 // JVNDB: JVNDB-2025-006175 // NVD: CVE-2025-44172

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-44172
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-006175
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12679
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-12679
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-44172
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-006175
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12679 // JVNDB: JVNDB-2025-006175 // NVD: CVE-2025-44172

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006175 // NVD: CVE-2025-44172

EXTERNAL IDS

db:NVDid:CVE-2025-44172

Trust: 3.2

db:JVNDBid:JVNDB-2025-006175

Trust: 0.8

db:CNVDid:CNVD-2025-12679

Trust: 0.6

sources: CNVD: CNVD-2025-12679 // JVNDB: JVNDB-2025-006175 // NVD: CVE-2025-44172

REFERENCES

url:https://github.com/hcxj/tenda-vul/blob/main/setsmartpowermanagement.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-44172

Trust: 0.8

sources: CNVD: CNVD-2025-12679 // JVNDB: JVNDB-2025-006175 // NVD: CVE-2025-44172

SOURCES

db:CNVDid:CNVD-2025-12679
db:JVNDBid:JVNDB-2025-006175
db:NVDid:CVE-2025-44172

LAST UPDATE DATE

2025-06-19T23:32:11.204000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12679date:2025-06-17T00:00:00
db:JVNDBid:JVNDB-2025-006175date:2025-06-04T01:47:00
db:NVDid:CVE-2025-44172date:2025-06-03T15:55:33.757

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12679date:2025-06-17T00:00:00
db:JVNDBid:JVNDB-2025-006175date:2025-06-04T00:00:00
db:NVDid:CVE-2025-44172date:2025-06-02T15:15:34.317