📦

ac6

Vendor: tenda

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 41 Remote Access

Total CVEs 163 Total Indexed

Avg. EPSS 1.43% Exploit Prob.

Latest CVE CVE-2026-8265 May 11

Security Vulnerability Index

Page 2 / 17

7.5 CVSS

CVE-2025-60341

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

EPSS: 0.33%

Severity: HIGH

Oct 22, 2025

7.5 CVSS

CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.

EPSS: 0.34%

Severity: HIGH

Oct 22, 2025

7.5 CVSS

CVE-2025-60339

Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters.

EPSS: 0.34%

Severity: HIGH

Oct 22, 2025

7.5 CVSS

CVE-2025-60337

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

EPSS: 0.34%

Severity: HIGH

Oct 22, 2025

7.5 CVSS

CVE-2025-60338

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

EPSS: 0.41%

Severity: HIGH

Oct 22, 2025

6.5 CVSS

CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device.

EPSS: 3.32%

Severity: MEDIUM

Sep 19, 2025

7.7 CVSS

CVE-2025-57528

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm).

EPSS: 0.41%

Severity: HIGH

Sep 19, 2025

6.5 CVSS

CVE-2025-55495

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

EPSS: 0.23%

Severity: MEDIUM

Aug 27, 2025

7.5 CVSS

CVE-2025-55498

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

EPSS: 0.37%

Severity: HIGH

Aug 20, 2025

7.5 CVSS

CVE-2025-55482

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

EPSS: 0.37%

Severity: HIGH

Aug 20, 2025

Displaying 10 of 163 Total Entries

1 2 3 4 5 ... 17

Total 17 Sections