Tenda AC6 Stack Overflow Vulnerability in formSetCfm Function Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Tenda AC6 router, specifically in the firmware version US_AC6V1.0BR_V15.03.05.16_multi_TD01. The issue arises in the formSetCfm function, where the parameters funcname, funcpara1, and funcpara2 can be manipulated to cause a stack overflow.

Impact

Exploitation of this vulnerability leads to a stack overflow, causing a denial-of-service condition on the device.

Added: Sep 19, 2025, 3:18 PM

Updated: Sep 19, 2025, 4:03 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC6 Stack Overflow Vulnerability in formSetCfm Function Allowing Denial-of-Service

Vulnerability

Impact

Affected Products

Tenda AC6

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating