CVE-2025-5855 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-5855?

CVE-2025-5855 has a CVSS score of 8.8 (HIGH). A critical stack-based buffer overflow vulnerability in Tenda AC6 routers allows remote attackers to execute arbitrary code by manipulating the rebootTime parameter. This affects Tenda AC6 routers running firmware version 15.03.05.16. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda AC6 routers allows remote attackers to execute arbitrary code by manipulating the rebootTime parameter. This affects Tenda AC6 routers running firmware version 15.03.05.16. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda AC6

Versions: 15.03.05.16

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected by default

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence installation, network pivoting, and data exfiltration

🟠

Likely Case

Router takeover for botnet recruitment, DNS hijacking, credential theft, and network surveillance

🟢

If Mitigated

Denial of service or limited information disclosure if exploit fails

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing devices immediate targets

🏢 Internal Only: MEDIUM - Internal attackers could exploit, but external threat is more significant

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details available, making weaponization likely. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. Download latest firmware 3. Upload via router admin interface 4. Reboot router

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to vulnerable endpoint

Network segmentation

all

Isolate AC6 routers from critical network segments

🧯 If You Can't Patch

Replace vulnerable routers with patched or different models
Implement strict network ACLs to block access to port 80/443 on affected devices

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 15.03.05.16, device is vulnerable.

Check Version:

Check via router web interface or SSH if available

Verify Fix Applied:

Verify firmware version has changed from 15.03.05.16 to a newer version

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetRebootTimer
Multiple failed reboot attempts
Unexpected process crashes

Network Indicators:

Unusual traffic patterns to router management interface
Suspicious payloads in HTTP POST requests

SIEM Query:

source="router_logs" AND (uri="/goform/SetRebootTimer" OR process="reboot") AND status="200"

📊 Metadata

CVE ID: CVE-2025-5855

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.21% exploit probability (43.2th percentile)

Published: June 9, 2025

Last Updated: June 9, 2025

🔗 References

https://lavender-bicycle-a5a.notion.site/Tenda-AC6-formsetreboottimer-20a53a41781f80c5b6cac51008556c7e?source=copy_link Exploit,Third Party Advisory
https://vuldb.com/?ctiid.311601 Permissions Required
https://vuldb.com/?id.311601 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.591422 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5855, you might also want to check these: