Details of VAR-202506-0540

ID

VAR-202506-0540

CVE

CVE-2025-5852

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC6 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006554

DESCRIPTION

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AC6 is a wireless router from China's Tenda Company. The vulnerability is caused by the parameter list in the file /goform/setPptpUserList failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2025-5852 // JVNDB: JVNDB-2025-006554 // CNVD: CNVD-2025-12746

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12746

AFFECTED PRODUCTS

vendor:	tenda	model:	ac6	scope:	eq	version:	15.03.05.16	Trust: 1.0
vendor:	tenda	model:	ac6	scope:	eq	version:	ac6 firmware 15.03.05.16	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	eq	version:	-	Trust: 0.8
vendor:	jixiang tengda	model:	ac6	scope:	eq	version:	15.03.05.16	Trust: 0.6

sources: CNVD: CNVD-2025-12746 // JVNDB: JVNDB-2025-006554 // NVD: CVE-2025-5852

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5852
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-006554
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12746
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5852
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-006554
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12746
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5852
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-006554
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12746 // JVNDB: JVNDB-2025-006554 // NVD: CVE-2025-5852

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-006554 // NVD: CVE-2025-5852

PATCH

title:

Patch for Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 /goform/setPptpUserList file buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/698831

Trust: 0.6

sources: CNVD: CNVD-2025-12746

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5852	Trust: 3.2
db:	VULDB	id:	311598	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-006554	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12746	Trust: 0.6

sources: CNVD: CNVD-2025-12746 // JVNDB: JVNDB-2025-006554 // NVD: CVE-2025-5852

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/tenda-ac6-formsetpptpuserlist-20a53a41781f801280e7e2dbdbd8625c?source=copy_link	Trust: 2.4
url:	https://vuldb.com/?id.311598	Trust: 1.8
url:	https://vuldb.com/?submit.591392	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://vuldb.com/?ctiid.311598	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5852	Trust: 0.8

sources: CNVD: CNVD-2025-12746 // JVNDB: JVNDB-2025-006554 // NVD: CVE-2025-5852

SOURCES

db:	CNVD	id:	CNVD-2025-12746
db:	JVNDB	id:	JVNDB-2025-006554
db:	NVD	id:	CVE-2025-5852

LAST UPDATE DATE

2025-06-19T23:41:26.445000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12746	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-006554	date:	2025-06-10T06:22:00
db:	NVD	id:	CVE-2025-5852	date:	2025-06-09T19:04:20.593

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12746	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-006554	date:	2025-06-10T00:00:00
db:	NVD	id:	CVE-2025-5852	date:	2025-06-09T01:15:20.633