Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Tenda AC6V2.0 Router WiFi WPS Start Page Stack Overflow
CVE-2025-70252
Summary
A security flaw in the Tenda AC6V2.0 router's WiFi WPS start page can cause the device to run out of memory, potentially leading to a crash or allowing an attacker to take control of the router. This issue is likely to be exploitable by a remote attacker. Update to the latest firmware to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | ac6_firmware | 15.03.06.23_multi | – |
Original title
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is ...
Original description
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.
nvd CVSS3.1
7.5
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026