CVE-2025-44172
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on Tenda AC6 routers by exploiting a stack overflow in the setSmartPowerManagement function. Attackers can send specially crafted requests to the time parameter, potentially gaining full control of affected devices. This affects all users running vulnerable firmware versions of Tenda AC6 routers.
💻 Affected Systems
- Tenda AC6
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.
Likely Case
Router takeover allowing DNS hijacking, credential theft from network traffic, and use as pivot point for internal network attacks.
If Mitigated
Denial of service causing router reboot or temporary unavailability if exploit fails or is blocked.
🎯 Exploit Status
Public GitHub repository contains detailed analysis and likely exploit code. Stack overflow vulnerabilities in embedded devices are frequently weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: Yes
Instructions:
1. Check Tenda support website for firmware updates. 2. Download latest firmware for AC6 model. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload new firmware file. 6. Wait for automatic reboot.
🔧 Temporary Workarounds
Disable Remote Management
allPrevent external access to router web interface
Network Segmentation
allIsolate router management interface to trusted network
🧯 If You Can't Patch
- Replace affected routers with different models or brands
- Implement strict firewall rules blocking all external access to router management ports (typically 80, 443, 8080)
🔍 How to Verify
Check if Vulnerable:
Check router firmware version in web interface under System Status or System Tools > Firmware UpgradeCheck Version:
curl -s http://router-ip/goform/getStatus | grep version or check web interfaceVerify Fix Applied:
Verify firmware version is newer than V15.03.05.16 after update📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /goform/setSmartPowerManagement
- Multiple failed login attempts followed by exploitation attempts
- Router reboot logs without user action
Network Indicators:
- Unusual outbound connections from router
- DNS queries to suspicious domains
- Traffic spikes to router management interface
SIEM Query:
source="router.log" AND ("setSmartPowerManagement" OR "time parameter overflow")