CVE-2025-60340 – This vulnerability allows attackers to cause de... (How to Fix)

📋 TL;DR

This vulnerability allows attackers to cause denial of service on Tenda AC6 routers by exploiting buffer overflows in the SetClientState function. Attackers can inject crafted payloads into specific parameters to crash the device. This affects users running vulnerable firmware versions of Tenda AC6 routers.

💻 Affected Systems

Products:

Tenda AC6

Versions: v15.03.06.50 (specific version mentioned)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the router. Other Tenda models may be vulnerable but not confirmed.

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reset, potential remote code execution if memory corruption leads to arbitrary code execution

🟠

Likely Case

Router becomes unresponsive, requiring reboot and disrupting network connectivity

🟢

If Mitigated

Limited to DoS impact with proper network segmentation and access controls

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the exploit appears to be unauthenticated

🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they have network access to the router

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public PoC available on GitHub. Exploit appears straightforward with crafted HTTP requests to vulnerable parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for AC6 model
3. Access router web interface
4. Navigate to System Tools > Firmware Upgrade
5. Upload and apply new firmware
6. Reboot router after update

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace vulnerable router with different model/brand
Implement strict firewall rules to block access to router management interface from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or System Tools

Check Version:

Check router web interface or use: curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is updated beyond v15.03.06.50

📡 Detection & Monitoring

Log Indicators:

Multiple failed HTTP requests to /goform/SetClientState
Router crash/reboot events in system logs
Unusual payloads in limitSpeed, deviceId, or limitSpeedUp parameters

Network Indicators:

HTTP POST requests to /goform/SetClientState with unusually long parameter values
Traffic patterns indicating DoS attempts against router management interface

SIEM Query:

source="router_logs" AND (uri_path="/goform/SetClientState" AND (param_length>100 OR status_code=500))

📊 Metadata

CVE ID: CVE-2025-60340

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

EPSS Score: 0.08% exploit probability (22.7th percentile)

Published: October 22, 2025

Last Updated: October 28, 2025

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda/SetClientState/SetClientState.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60340, you might also want to check these: