{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-52221", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-10T15:42:37.221Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:11:13.066Z"}, "descriptions": [{"lang": "en", "value": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAc6_formSetCfm_funcname_overflow/detail.md"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T13:08:39.678948Z", "id": "CVE-2025-52221", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T15:42:37.221Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-52221", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T13:08:39.678948Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T13:10:12.496Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAc6_formSetCfm_funcname_overflow/detail.md"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:11:13.066Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52221", "state": "PUBLISHED", "dateUpdated": "2026-04-10T15:42:37.221Z", "dateReserved": "2025-06-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-08T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters."}], "id": "CVE-2025-52221", "lastModified": "2026-04-10T16:16:29.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-08T18:24:51.257", "references": [{"source": "cve@mitre.org", "url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAc6_formSetCfm_funcname_overflow/detail.md"}, {"source": "cve@mitre.org", "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.03.05.16_multi"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ac6", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-08T18:36:06.564015+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware release that addresses the buffer overflow issue.", "If no update is immediately available, restrict external access to the router\u2019s management interface using network controls or firewall rules.", "Monitor the device for abnormal behavior or unauthorized access attempts.", "Keep security patches up to date and verify firmware integrity on all network endpoints."], "summary": {"action": "Firmware Update", "impact": "Potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "This issue affects the Tenda AC6 router running firmware 15.03.05.16_multi. No other vendors or product variations are listed, and no detailed version range is available from the CNA data.", "description_and_impact": "The Tenda AC6 router, firmware version 15.03.05.16_multi, suffers from a buffer overflow in the formSetCfm function. The vulnerability is triggered when an attacker supplies malicious values for the funcname, funcpara1, and funcpara2 parameters, which are insufficiently validated before being copied into a fixed-size buffer. If an attacker can influence the size or contents of these inputs, the overflow may corrupt adjacent memory, allowing arbitrary code execution or denial-of-service on the device.", "risk_and_exploitability": "The vulnerability is high severity due to the buffer overflow, a well-known vector for remote code execution. While EPSS data is not provided and the issue is not listed in KEV, the lack of input validation implies that exploitation could be straightforward if an attacker can reach the affected function, likely through crafted HTTP requests to the router's web interface. The attack would require network connectivity to the device and knowledge of the vulnerable endpoint; once leveraged, it could give an attacker full control of the router."}}}}, "created": "2026-04-08T19:44:40.529382+00:00", "title": "Buffer Overflow Vulnerability in Tenda AC6 formSetCfm Function", "updated": "2026-04-09T08:22:52.585179+00:00", "vendors": ["tenda", "tenda$PRODUCT$ac6"], "weaknesses": ["CWE-119"]}