CVE-2025-46035: Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of serv...
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
Security readout for executives and security teams
Plain-English summary
CVE-2025-46035 is a remotely reachable buffer overflow reported in Tenda AC6 firmware v15.03.05.16. An unauthenticated attacker can send oversized schedule Wi-Fi parameters to the router’s web interface. The CVE description says denial of service, while its CVSS vector lists high confidentiality impact, so impact evidence is inconsistent.
Executive priority
Treat this as high priority for internet-exposed or unmanaged branch routers. The remediation path is not fully documented in the supplied sources, so prioritize exposure reduction and vendor confirmation before broader conclusions.
Technical view
The CVE identifies CWE-120 in the Tenda AC6 v15.03.05.16 /goform/openSchedWifi handler. Oversized schedStartTime and schedEndTime values in an unauthenticated HTTP GET request can trigger the flaw. Official affected-product metadata is listed as n/a, but the title and description name Tenda AC6 v15.03.05.16.
Likely exposure
Exposure is most likely where Tenda AC6 v15.03.05.16 web management is reachable from untrusted networks. Internet-facing or broadly accessible router administration interfaces are the primary concern. The provided CVE metadata does not identify additional affected models or firmware versions.
Exploitation context
The source bundle does not show CISA KEV listing or active exploitation. A public GitHub technical reference is cited, which may lower attacker research effort. No cited source confirms in-the-wild exploitation or a vendor patch.
Researcher notes
Key evidence gaps are incomplete CNA affected-product metadata, no cited vendor advisory, no named fixed version, and an impact mismatch between the denial-of-service description and CVSS confidentiality impact. Keep analysis bounded to Tenda AC6 v15.03.05.16 unless further sources expand scope.
Mitigation direction
Check Tenda guidance for patched firmware or official mitigation.
Disable remote administration if it is not required.
Restrict management access to trusted admin networks or VPN.
Block internet access to the router web interface.
Replace or isolate devices if no maintained firmware is available.
Validation and detection
Inventory Tenda AC6 devices and firmware versions.
Identify any device running v15.03.05.16.
Confirm router management is not exposed to untrusted networks.
Review logs for unusual requests to /goform/openSchedWifi.
Track CVE and vendor updates for corrected affected-product data.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-120: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-120 · source CWE mapping
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.