ID

VAR-202604-1751


CVE

CVE-2025-52221


TITLE

Multiple vulnerabilities in Shenzhen Tenda Technology Co., Ltd. AC6 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845

DESCRIPTION

Tenda AC6 15.03.05.16_multi is vulnerable to a buffer overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-52221 // JVNDB: JVNDB-2026-010845

AFFECTED PRODUCTS

vendor: tenda, model: ac6, scope: eq, version: 15.03.05.16_multi

Trust: 1.0

vendor: tenda, model: ac6, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: ac6 firmware 15.03.05.16_multi

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845 // NVD: CVE-2025-52221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-52221
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-52221
value: HIGH

Trust: 1.0

NVD: CVE-2025-52221
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2025-52221
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-52221
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-52221
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845 // NVD: CVE-2025-52221 // NVD: CVE-2025-52221

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845 // NVD: CVE-2025-52221

PATCH

title: IoTVuln/tendaAc6_formSetCfm_funcname_overflow/detail.md at main · faqiadegege/IoTVuln · GitHub
url: https://github.com/faqiadegege/IoTVuln/blob/main/tendaAc6_formSetCfm_funcname_overflow/detail.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845

EXTERNAL IDS

db: NVD, id: CVE-2025-52221

Trust: 2.6

db: JVNDB, id: JVNDB-2026-010845

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845 // NVD: CVE-2025-52221

REFERENCES

url:https://github.com/faqiadegege/iotvuln/blob/main/tendaac6_formsetcfm_funcname_overflow/detail.md

Trust: 1.0

url:https://github.com/xiaotea/iot-vulnerability-collection/blob/main/readme.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-52221

Trust: 0.8

sources: JVNDB: JVNDB-2026-010845 // NVD: CVE-2025-52221

SOURCES

db: JVNDB, id: JVNDB-2026-010845
db: NVD, id: CVE-2025-52221

LAST UPDATE DATE

2026-04-16T22:32:26.926000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-010845, date: 2026-04-14T00:54:00
db: NVD, id: CVE-2025-52221, date: 2026-04-13T11:36:50.943

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-010845, date: 2026-04-14T00:00:00
db: NVD, id: CVE-2025-52221, date: 2026-04-08T18:24:51.257