CVE-2025-60343 – This CVE describes multiple buffer overflow vul... (How to Fix)

📋 TL;DR

This CVE describes multiple buffer overflow vulnerabilities in Tenda AC6 routers that allow attackers to cause denial of service by sending specially crafted payloads to multiple parameters in the AdvSetMacMtuWan function. The vulnerability affects Tenda AC6 router users running vulnerable firmware versions. Attackers can exploit this remotely to crash the router.

💻 Affected Systems

Products:

Tenda AC6

Versions: v.15.03.06.50 (specific version mentioned)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface function AdvSetMacMtuWan which handles WAN configuration parameters

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reset, potential for remote code execution if buffer overflow can be controlled precisely

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality

🟢

If Mitigated

No impact if router is patched or not exposed to untrusted networks

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices and the exploit appears to be unauthenticated

🏢 Internal Only: MEDIUM - Could be exploited by malicious internal actors or malware on the network

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public PoC available on GitHub, buffer overflow in multiple parameters suggests straightforward exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for AC6 model
3. Access router admin interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Wait for router to reboot

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Access router admin panel -> System -> Remote Management -> Disable

Network segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace router with different model/brand
Place router behind firewall with strict access controls to management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Check via router web interface or SSH if enabled: cat /proc/version or show version commands

Verify Fix Applied:

Verify firmware version is newer than v.15.03.06.50

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
Multiple failed connection attempts to router admin interface
Unusual POST requests to AdvSetMacMtuWan endpoint

Network Indicators:

Unusual traffic to router port 80/443 from external sources
Repeated connection attempts to router management interface

SIEM Query:

source_ip=external AND dest_port=80 AND uri_path CONTAINS 'AdvSetMacMtuWan'

📊 Metadata

CVE ID: CVE-2025-60343

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

EPSS Score: 0.08% exploit probability (22.7th percentile)

Published: October 22, 2025

Last Updated: October 24, 2025

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda/AdvSetMacMtuWan/AdvSetMacMtuWan.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60343, you might also want to check these: