Sign-up

ID

VAR-202506-3419


CVE

CVE-2025-50528


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008031

DESCRIPTION

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. The vulnerability is caused by the fromNatStaticSetting function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-50528 // JVNDB: JVNDB-2025-008031 // CNVD: CNVD-2025-15481

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15481

AFFECTED PRODUCTS

vendor:tendamodel:ac6scope:lteversion:15.03.05.19

Trust: 1.0

vendor:tendamodel:ac6scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac6scope:lteversion:ac6 firmware 15.03.05.19 and earlier

Trust: 0.8

vendor:tendamodel:ac6scope: - version: -

Trust: 0.8

vendor:tendamodel:ac6scope:lteversion:<=15.03.05.19

Trust: 0.6

sources: CNVD: CNVD-2025-15481 // JVNDB: JVNDB-2025-008031 // NVD: CVE-2025-50528

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-50528
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-008031
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-15481
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15481
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-50528
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-008031
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15481 // JVNDB: JVNDB-2025-008031 // NVD: CVE-2025-50528

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008031 // NVD: CVE-2025-50528

EXTERNAL IDS

db:NVDid:CVE-2025-50528

Trust: 3.2

db:JVNDBid:JVNDB-2025-008031

Trust: 0.8

db:CNVDid:CNVD-2025-15481

Trust: 0.6

sources: CNVD: CNVD-2025-15481 // JVNDB: JVNDB-2025-008031 // NVD: CVE-2025-50528

REFERENCES

url:https://github.com/pfwqdxwdd/cve/blob/main/1.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-50528

Trust: 1.4

sources: CNVD: CNVD-2025-15481 // JVNDB: JVNDB-2025-008031 // NVD: CVE-2025-50528

SOURCES

db:CNVDid:CNVD-2025-15481
db:JVNDBid:JVNDB-2025-008031
db:NVDid:CVE-2025-50528

LAST UPDATE DATE

2025-07-13T23:43:34.956000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15481date:2025-07-11T00:00:00
db:JVNDBid:JVNDB-2025-008031date:2025-07-04T08:26:00
db:NVDid:CVE-2025-50528date:2025-07-01T18:14:43.080

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15481date:2025-07-08T00:00:00
db:JVNDBid:JVNDB-2025-008031date:2025-07-04T00:00:00
db:NVDid:CVE-2025-50528date:2025-06-27T14:15:39.140