Description
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
Published: 2025-07-01
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Monitor
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the addWifiMacFilter function of Tenda AC6 firmware version 15.03.05.16_multi. The flaw originates from improper handling of the deviceId parameter, allowing an attacker to send an oversized value that overwrites memory adjacent to the buffer. This can lead to arbitrary code execution or denial of service if exploited successfully, as the corrupted memory region may contain executable code or control data.

Affected Systems

This flaw affects Tenda AC6 routers running firmware 15.03.05.16_multi. The vulnerability is present whenever the addWifiMacFilter API is exposed, which typically occurs when the device has remote management enabled or when LAN hosts communicate with the router to configure Wi‑Fi settings.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score of less than 1% suggests that, at the time of this analysis, the likelihood of public exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, via network traffic sent to the router’s API, requiring no local access or privileged credentials.

Generated by OpenCVE AI on April 20, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any firmware update from Tenda that addresses the buffer overflow in the addWifiMacFilter function.
  • If an update is not yet available, disable remote management features and restrict traffic to the device’s administration interfaces to the least necessary subset of trusted hosts.
  • Continuously monitor the router’s logs for anomalous requests to the Wi‑Fi configuration API, and block or rate‑limit suspicious traffic.



Advisories
Source | ID | Title
EUVD | EUVD-2025-19651 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
History

Mon, 20 Apr 2026 22:45:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in Tenda AC6 WiFi MAC Filter Function

Wed, 08 Apr 2026 18:30:00 +0000


Mon, 07 Jul 2025 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tenda; Tenda ac6; Tenda ac6 Firmware
CPEs | | cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*; cpe:2.3:o:tenda:ac6_firmware:15.03.05.16_multi:*:*:*:*:*:*:*
Vendors & Products | | Tenda; Tenda ac6; Tenda ac6 Firmware

Tue, 01 Jul 2025 16:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-120
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Jul 2025 15:30:00 +0000

Type | Values Removed | Values Added
Description | | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:21:40.238Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50641

Vulnrichment

Updated: 2025-07-01T15:51:39.544Z

NVD

Status: Modified

Published: 2025-07-01T16:15:23.453

Modified: 2026-04-08T19:24:14.920

Link: CVE-2025-50641

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T22:30:19Z

Weaknesses