Home

Description

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-22 | Updated 2025-10-28 | Assigner mitre

References

github.com/...PoC/BOF/Tenda/SetClientState/SetClientState.md

cve.org (CVE-2025-60340)

nvd.nist.gov (CVE-2025-60340)

Download JSON