Sign-up

ID

VAR-202508-2348


CVE

CVE-2025-55498


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012492

DESCRIPTION

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Shenzhen Tenda Technology Co.,Ltd. of AC6 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps. This vulnerability stems from the failure of the fromSetSysTime function to properly validate the length of the input data in the time parameter. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-55498 // JVNDB: JVNDB-2025-012492 // CNVD: CNVD-2025-20147

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20147

AFFECTED PRODUCTS

vendor:tendamodel:ac6scope:eqversion:15.03.06.23_multi

Trust: 1.0

vendor:tendamodel:ac6scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac6scope:eqversion:ac6 firmware 15.03.06.23 multi

Trust: 0.8

vendor:tendamodel:ac6scope: - version: -

Trust: 0.8

vendor:tendamodel:ac6 v15.03.06.23 multiscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-20147 // JVNDB: JVNDB-2025-012492 // NVD: CVE-2025-55498

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-55498
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-012492
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20147
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-20147
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-55498
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012492
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20147 // JVNDB: JVNDB-2025-012492 // NVD: CVE-2025-55498

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012492 // NVD: CVE-2025-55498

EXTERNAL IDS

db:NVDid:CVE-2025-55498

Trust: 3.2

db:JVNDBid:JVNDB-2025-012492

Trust: 0.8

db:CNVDid:CNVD-2025-20147

Trust: 0.6

sources: CNVD: CNVD-2025-20147 // JVNDB: JVNDB-2025-012492 // NVD: CVE-2025-55498

REFERENCES

url:https://github.com/solitarygrass/iot_vuln/blob/main/tenda/ac6/ac6v2.0rtl_v15.03.06.23/fromsetsystime/poc.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-55498

Trust: 0.8

sources: CNVD: CNVD-2025-20147 // JVNDB: JVNDB-2025-012492 // NVD: CVE-2025-55498

SOURCES

db:CNVDid:CNVD-2025-20147
db:JVNDBid:JVNDB-2025-012492
db:NVDid:CVE-2025-55498

LAST UPDATE DATE

2025-09-05T23:50:01.425000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20147date:2025-09-03T00:00:00
db:JVNDBid:JVNDB-2025-012492date:2025-08-27T06:54:00
db:NVDid:CVE-2025-55498date:2025-08-25T01:31:11.473

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20147date:2025-09-02T00:00:00
db:JVNDBid:JVNDB-2025-012492date:2025-08-27T00:00:00
db:NVDid:CVE-2025-55498date:2025-08-20T15:15:34.937