CVE-2025-50258 – A buffer overflow vulnerability in Tenda AC6 ro... (How to Fix)

Q: What is the severity of CVE-2025-50258?

CVE-2025-50258 has a CVSS score of 8.1 (HIGH). A buffer overflow vulnerability in Tenda AC6 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the SetSysTimeCfg function. This affects Tenda AC6 routers running firmware version 15.03.05.16_multi. Attackers can potentially gain full control of affected devices.

📋 TL;DR

A buffer overflow vulnerability in Tenda AC6 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the SetSysTimeCfg function. This affects Tenda AC6 routers running firmware version 15.03.05.16_multi. Attackers can potentially gain full control of affected devices.

💻 Affected Systems

Products:

Tenda AC6

Versions: 15.03.05.16_multi

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface. No special configuration required for exploitation.

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, and persistent backdoor installation.

🟠

Likely Case

Device takeover allowing network traffic interception, DNS manipulation, and credential harvesting from connected devices.

🟢

If Mitigated

Limited to denial of service if exploit fails or device crashes without code execution.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing and accessible via web interface or management protocols.

🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires sending crafted HTTP request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC6 model. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Log into router admin > System Tools > Remote Management > Disable

Network Segmentation

all

Isolate router management interface to trusted network

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

Replace vulnerable router with different model/brand
Place router behind dedicated firewall with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than 15.03.05.16_multi

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/SetSysTimeCfg
Large time parameter values in requests
Router crash/reboot logs

Network Indicators:

HTTP requests with abnormally long time parameter to router management interface
Traffic patterns suggesting exploit attempts

SIEM Query:

source="router_logs" AND (uri="/goform/SetSysTimeCfg" OR "time=" AND length>100)

📊 Metadata

CVE ID: CVE-2025-50258

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.07% exploit probability (21th percentile)

Published: July 3, 2025

Last Updated: July 7, 2025

🔗 References

https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_SetSysTimeCfg_timeoverflow/detail.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-50258, you might also want to check these: