{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-50641", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T17:21:40.238Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2025-07-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:21:40.238Z"}, "descriptions": [{"lang": "en", "value": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_addWifiMacFilter_deviceId_overflow/detail.md"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T15:50:50.209911Z", "id": "CVE-2025-50641", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T15:53:39.079Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-50641", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-01T15:50:50.209911Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T15:51:39.544Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_addWifiMacFilter_deviceId_overflow/detail.md"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:21:40.238Z"}}}, "cveMetadata": {"cveId": "CVE-2025-50641", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:21:40.238Z", "dateReserved": "2025-06-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-07-01T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16_multi:*:*:*:*:*:*:*", "matchCriteriaId": "D0E5BB82-F2E3-4BB9-AE3C-267D3462CA96", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*", "matchCriteriaId": "00830EE1-D0BB-462E-9F15-4E59560C14B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId."}, {"lang": "es", "value": "Tenda AC6 15.03.05.16_multi es vulnerable al desbordamiento del b\u00fafer en la funci\u00f3n addWifiMacFilter a trav\u00e9s del par\u00e1metro deviceId."}], "id": "CVE-2025-50641", "lastModified": "2026-04-08T19:24:14.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-01T16:15:23.453", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/faqiadegege/IoTVuln/blob/main/tendaAC6_addWifiMacFilter_deviceId_overflow/detail.md"}, {"source": "cve@mitre.org", "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:25:27.169421+00:00", "value": {"mitigation_remediation": ["Check for and install any firmware update from Tenda that addresses the buffer overflow in the addWifiMacFilter function.", "If an update is not yet available, disable remote management features and restrict traffic to the device\u2019s administration interfaces to the least necessary subset of trusted hosts.", "Continuously monitor the router\u2019s logs for anomalous requests to the Wi\u2011Fi configuration API, and block or rate\u2011limit suspicious traffic."], "summary": {"action": "Monitor", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "Affected by this flaw are Tenda AC6 routers running firmware 15.03.05.16_multi. The vulnerability is present whenever the addWifiMacFilter API is exposed, which typically occurs when the device has remote management enabled or when LAN hosts communicate with the router to configure Wi\u2011Fi settings.", "description_and_impact": "The vulnerability is a classic buffer overflow in the addWifiMacFilter function of Tenda AC6 firmware version 15.03.05.16_multi. The flaw originates from improper handling of the deviceId parameter, allowing an attacker to send an oversized value that overwrites memory adjacent to the buffer. This can lead to arbitrary code execution or denial of service if exploited successfully, as the corrupted memory region may contain executable code or control data.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity. The EPSS score of less than 1% suggests that, at the time of this analysis, the likelihood of public exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote via network traffic sent to the router\u2019s API, requiring no local access or privileged credentials."}}}}, "created": "2026-04-20T22:30:19.872639+00:00", "title": "Buffer Overflow in Tenda AC6 WiFi MAC Filter Function", "updated": "2026-04-20T22:30:19.872651+00:00", "vendors": []}