Cyber Resilience

CVE-2025-70252

High · Public PoC

Published: 02 March 2026
Modified: 06 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0003 (7.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70252 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ac6 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 7.3th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-70252 is a stack overflow vulnerability in the /goform/WifiWpsStart component of Tenda AC6V2.0 running firmware version V15.03.06.23_multi. The vulnerability arises because the controllable parameters index and mode are spliced into a tmp buffer using sprintf without any size checks, allowing buffer overflow when certain conditions are met. It is classified under CWE-121 (Stack-based Buffer Overflow) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation leads to denial of service through high-impact availability disruption, such as device crashes, but does not enable confidentiality or integrity violations.

Mitigation details are available in the vendor advisory at https://www.tenda.com.cn/material/show/2855. Additional technical analysis is provided in the GitHub repository at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-70252.

Vulnerability details

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Stack-based buffer overflow in network-exposed web endpoint directly enables remote unauthenticated DoS via application/system exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29121 · Same product: Tenda Ac6
CVE-2025-32010 · Same product: Tenda Ac6
CVE-2025-30256 · Same product: Tenda Ac6
CVE-2025-29029 · Same product: Tenda Ac6
CVE-2025-12225 · Same product: Tenda Ac6
CVE-2025-1814 · Same product: Tenda Ac6
CVE-2026-4960 · Same product: Tenda Ac6
CVE-2026-4961 · Same product: Tenda Ac6
CVE-2025-0349 · Same product: Tenda Ac6
CVE-2025-25343 · Same product: Tenda Ac6

Affected Assets

tenda
ac6 firmware
15.03.06.23_multi

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of controllable parameters like index and mode to ensure they do not exceed the tmp buffer size before sprintf processing, directly preventing the stack overflow.

prevent · detect

Implements memory protections such as stack canaries, address space layout randomization, and non-executable stacks to prevent exploitation or detect stack buffer overflows in vulnerable code like sprintf.

prevent

Mandates timely flaw remediation through firmware updates from the vendor advisory, which patches the missing size checks in sprintf to eliminate the stack overflow vulnerability.
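
The input validation described under the first control above, as an added example in C (not code from the Tenda firmware or from the referenced analysis): both parameters are allow-listed and length-capped, and `snprintf` replaces `sprintf`, with truncation treated as an error. `TMP_SIZE`, the `wps_%s_%s` format, the length limits and all function names are assumptions for illustration.

```c
/* Added example: bounded formatting of two request parameters.
 * TMP_SIZE, the "wps_%s_%s" format, the length limits and the function
 * names are assumptions; they are not taken from the Tenda firmware. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define TMP_SIZE 32   /* assumed size of the stack buffer */

/* Allow-list check: non-empty, at most max_len chars, alphanumeric only. */
static int param_ok(const char *s, size_t max_len)
{
    size_t i;
    if (s == NULL || s[0] == '\0')
        return 0;
    for (i = 0; s[i] != '\0'; i++) {
        if (i >= max_len || !isalnum((unsigned char)s[i]))
            return 0;
    }
    return 1;
}

/* Returns 0 on success, -1 if the request must be rejected. */
int build_wps_key(char *tmp, size_t tmp_size, const char *index, const char *mode)
{
    int n;
    if (tmp == NULL || tmp_size == 0)
        return -1;
    tmp[0] = '\0';
    if (!param_ok(index, 2) || !param_ok(mode, 8))
        return -1;
    n = snprintf(tmp, tmp_size, "wps_%s_%s", index, mode);
    if (n < 0 || (size_t)n >= tmp_size) {   /* output was truncated */
        tmp[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char tmp[TMP_SIZE];
    char big[512];                          /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("normal:    %d\n", build_wps_key(tmp, sizeof tmp, "0", "pbc"));
    printf("oversized: %d\n", build_wps_key(tmp, sizeof tmp, big, "pbc"));
    return 0;
}
```

The truncation check matters independently of the allow-list: if the destination buffer is later shrunk or the format string grows, the function fails closed instead of silently writing a cut-off value.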
