CVE-2025-55498

7.5 HIGH

📋 TL;DR

This buffer overflow vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code by sending requests with a specially crafted time parameter, which is processed by the fromSetSysTime function. Attackers could potentially gain full control of affected routers. It affects users of Tenda AC6 routers running vulnerable firmware versions.

💻 Affected Systems

Products:
  • Tenda AC6
Versions: V15.03.06.23_multi
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects AC6V2.0RTL hardware variant. Other Tenda models may have similar vulnerabilities but are not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete router compromise, allowing attackers to intercept traffic, modify DNS settings, create persistent backdoors, or pivot to internal networks.

🟠 Likely Case

Router crash/reboot causing denial of service, or limited code execution allowing network reconnaissance and potential lateral movement.

🟢 If Mitigated

No impact if routers are not internet-facing and network segmentation prevents access to management interfaces.

🌐 Internet-Facing: HIGH - Routers with web management exposed to internet are directly exploitable remotely.
🏢 Internal Only: MEDIUM - Requires attacker to have internal network access, but exploitation is straightforward once access is gained.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available on GitHub. Exploitation requires sending an HTTP request to the vulnerable endpoint with a crafted time parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: Yes

Instructions:

1. Check Tenda support site for firmware updates.
2. Download latest firmware for AC6 model.
3. Access router web interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload new firmware file.
6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Access router web interface > Advanced > System Tools > Remote Management > Disable

Network Segmentation

all

Isolate router management interface to trusted network

Configure firewall rules to restrict access to router IP on ports 80/443 to trusted IPs only

🧯 If You Can't Patch

  • Replace vulnerable routers with different models from vendors with a better security track record
  • Implement network monitoring to detect exploitation attempts and isolate compromised devices

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface under System Status, or connect with telnet [router_ip] (if enabled) and check the version there.

Check Version:

curl -s http://[router_ip]/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than V15.03.06.23 and test if fromSetSysTime endpoint still exists

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to /goform/fromSetSysTime with malformed time parameter
  • Router crash/reboot logs
  • Unusual process execution

Network Indicators:

  • HTTP traffic to router IP on port 80/443 with POST to /goform/fromSetSysTime
  • Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/fromSetSysTime" OR "fromSetSysTime")
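
The log and network indicators above, turned into a small offline triage script (an added example, not part of the original advisory or any vendor tooling). The JSON-lines log layout, its field names, the 64-character threshold and the trusted management subnet are assumptions, and the sample records are constructed.

```python
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/fromSetSysTime"  # path named in the advisory's indicators
MAX_TIME_LEN = 64  # assumed tuning threshold, not a value from the advisory
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumed management LAN

# Constructed records in a hypothetical JSON-lines HTTP log (field names assumed).
SAMPLE_LOG = "\n".join([
    json.dumps({"src": "192.168.0.23", "method": "POST", "uri": ENDPOINT, "body": "time=2025-08-01+12%3A00%3A00"}),
    json.dumps({"src": "203.0.113.5", "method": "POST", "uri": ENDPOINT, "body": "time=" + "A" * 300}),
    json.dumps({"src": "203.0.113.5", "method": "POST", "uri": ENDPOINT, "body": "time=2025-08-01"}),
    json.dumps({"src": "192.168.0.23", "method": "GET", "uri": "/index.html", "body": ""}),
    "truncated-line-not-json",
])

def longest_time_value(record):
    """Length of the longest decoded 'time' value in the query string or form body."""
    sources = (urlsplit(record.get("uri", "")).query, record.get("body", ""))
    values = [v for s in sources for v in parse_qs(s, keep_blank_values=True).get("time", [])]
    return max((len(v) for v in values), default=0)

def classify(record):
    """Return None for unrelated traffic, otherwise an alert dict."""
    if urlsplit(record.get("uri", "")).path != ENDPOINT:
        return None
    src = ipaddress.ip_address(record["src"])
    n = longest_time_value(record)
    reasons = []
    if n > MAX_TIME_LEN:
        reasons.append("oversized time parameter")
    if not any(src in net for net in TRUSTED_NETS):
        reasons.append("source outside trusted management network")
    severity = "high" if n > MAX_TIME_LEN else "medium" if reasons else "info"
    return {"src": str(src), "time_len": n, "severity": severity, "reasons": reasons}

def scan(log_text):
    """Classify every parseable line; skip lines that are not valid records."""
    alerts = []
    for line in log_text.splitlines():
        try:
            alert = classify(json.loads(line))
        except (ValueError, KeyError, AttributeError):
            continue  # not JSON, missing or invalid source address, or not an object
        if alert:
            alerts.append(alert)
    return alerts
```

Calling scan(SAMPLE_LOG) returns one alert per request to the endpoint; tune MAX_TIME_LEN and TRUSTED_NETS to the values observed in legitimate traffic on your own network.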
