CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.7%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda/SetClientState/SetClientState.md

Products affected by CVE-2025-60340

Tenda » Ac6 » Version: 2.0

cpe:2.3:h:tenda:ac6:2.0
Tenda » Ac6 Firmware » Version: 15.03.06.50

cpe:2.3:o:tenda:ac6_firmware:15.03.06.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60340

Products

Pricing

Contact Us