CVE-2025-55495 – This buffer overflow vulnerability in Tenda AC6... (How to Fix)

📋 TL;DR

This buffer overflow vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code by sending specially crafted requests to the fromSetIpMacBind function. It affects users of Tenda AC6 routers running vulnerable firmware versions. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda AC6

Versions: V15.03.06.23_multi

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects AC6V2.0RTL hardware version. Other Tenda models may be vulnerable but not confirmed.

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network traffic interception, and lateral movement to internal systems.

🟠

Likely Case

Router crash/reboot causing denial of service, or limited code execution allowing attacker persistence on the router.

🟢

If Mitigated

If network segmentation and proper firewall rules are in place, impact limited to router itself without affecting internal network.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the vulnerability appears to be remotely exploitable.

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept available on GitHub demonstrates exploitation. Buffer overflow in list parameter suggests straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda support site for firmware updates
2. Download latest firmware for AC6
3. Upload via router admin interface
4. Reboot router after update

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router admin interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace vulnerable router with different model/brand
Implement strict firewall rules blocking all inbound traffic to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is V15.03.06.23_multi, device is vulnerable.

Check Version:

Login to router admin interface (typically 192.168.0.1 or 192.168.1.1) and check System Status or Firmware Update section

Verify Fix Applied:

Verify firmware version has been updated to a version later than V15.03.06.23_multi

📡 Detection & Monitoring

Log Indicators:

Multiple failed requests to fromSetIpMacBind endpoint
Router crash/reboot logs
Unusual POST requests with long list parameters

Network Indicators:

HTTP POST requests to router management interface with abnormally long list parameter values
Traffic to router on non-standard ports

SIEM Query:

source_ip="router_ip" AND (uri_path="*/fromSetIpMacBind" OR http_method="POST" AND content_length>1000)

📊 Metadata

CVE ID: CVE-2025-55495

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-120

EPSS Score: 0.05% exploit probability (15.9th percentile)

Published: August 27, 2025

Last Updated: September 3, 2025

🔗 References

https://github.com/SolitaryGrass/IoT_vuln/blob/main/tenda/AC6/AC6V2.0RTL_V15.03.06.23/fromSetIpMacBind/poc.md Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55495, you might also want to check these: