CVE-2025-70252
Published: 02 March 2026
Summary
CVE-2025-70252 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda AC6 firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 7.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-70252 is a stack overflow vulnerability in the /goform/WifiWpsStart component of Tenda AC6V2.0 running firmware version V15.03.06.23_multi. The vulnerability arises because the controllable parameters index and mode are spliced into a tmp buffer using sprintf without any size checks, allowing buffer overflow when certain conditions are met. It is classified under CWE-121 (Stack-based Buffer Overflow) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation leads to denial of service through high-impact availability disruption, such as device crashes, but does not enable confidentiality or integrity violations.
Mitigation details are available in the vendor advisory at https://www.tenda.com.cn/material/show/2855. Additional technical analysis is provided in the GitHub repository at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-70252.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208181
Vulnerability details
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in network-exposed web endpoint directly enables remote unauthenticated DoS via application/system exploitation (T1499.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Requires validation of controllable parameters like index and mode to ensure they do not exceed the tmp buffer size before sprintf processing, directly preventing the stack overflow.
Implements memory protections such as stack canaries, address space layout randomization, and non-executable stacks to detect stack buffer overflows or prevent their exploitation in vulnerable code such as unchecked sprintf calls.
Mandates timely flaw remediation through firmware updates from the vendor advisory, which patches the missing size checks in sprintf to eliminate the stack overflow vulnerability.
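The input-validation control described above, sketched as an added example that is not the vendor's code: index and mode are checked against an allow-list and formatted with a bounded snprintf whose return value is tested for truncation. The function name, buffer size, allowed values and format string are assumptions, since the page does not give the firmware's own.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define TMP_LEN 64  /* assumed size; the page does not state the real one */

/* Hypothetical allow-list of mode values (not taken from the firmware). */
static const char *const ALLOWED_MODES[] = { "pbc", "pin" };

/* Accept only a short all-digit index (1 to 2 digits, an assumption). */
static int valid_index(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 2) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    return 1;
}

static int valid_mode(const char *s) {
    if (!s) return 0;
    for (size_t i = 0; i < sizeof ALLOWED_MODES / sizeof ALLOWED_MODES[0]; i++)
        if (strcmp(s, ALLOWED_MODES[i]) == 0) return 1;
    return 0;
}

/* Returns 0 on success, -1 if input is rejected or would not fit in tmp. */
int build_wps_key(char *tmp, size_t tmp_len, const char *index, const char *mode) {
    if (!tmp || tmp_len == 0) return -1;
    tmp[0] = '\0';
    if (!valid_index(index) || !valid_mode(mode)) return -1;
    /* Constructed format string, for illustration only. */
    int n = snprintf(tmp, tmp_len, "wl%s.wps_mode=%s", index, mode);
    if (n < 0 || (size_t)n >= tmp_len) { tmp[0] = '\0'; return -1; }
    return 0;
}

int main(void) {
    char tmp[TMP_LEN], oversized[512];
    memset(oversized, 'A', sizeof oversized - 1);   /* constructed test input */
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", build_wps_key(tmp, sizeof tmp, "0", "pbc"));
    printf("oversized: %d\n", build_wps_key(tmp, sizeof tmp, "0", oversized));
    return 0;
}
```

The truncation check matters even with the allow-list in place: it keeps the call safe if the list or the buffer size later changes.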