EUVD-2025-28774

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

A critical remote stack overflow in the Tenda router through schedStartTime and schedEndTime in openSchedWifi.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the setSchedWifi function in Tenda AS5 microprogrammed router software, which allows for the execution of arbitrary code.	30 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-6886	30 Jun 202504:25	–	circl
CNNVD	Tenda AC5 安全漏洞	30 Jun 202500:00	–	cnnvd
CNVD	Tenda AC5 Stack Buffer Overflow Vulnerability	4 Jul 202500:00	–	cnvd
CVE	CVE-2025-6886	30 Jun 202504:02	–	cve
Cvelist	CVE-2025-6886 Tenda AC5 openSchedWifi stack-based overflow	30 Jun 202504:02	–	cvelist
NVD	CVE-2025-6886	30 Jun 202505:15	–	nvd
OSV	CVE-2025-6886	30 Jun 202505:15	–	osv
Positive Technologies	PT-2025-27405 · Tenda · Tenda Ac5	30 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-6886	2 Jul 202504:07	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "ddc11713-13a3-3e26-aaa4-fbe06db04c45",
        "vendor": {
          "name": "Tenda"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "9285b453-6311-3b49-972a-cdfa378d1a1c",
        "product": {
          "name": "AC5"
        },
        "product_version": "15.03.06.47"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
lavender-bicycle-a5a	www.lavender-bicycle-a5a.notion.site/Tenda-AC5-setSchedWifi_schedEndTime-21d53a41781f80fb8a90f08898e8d404
lavender-bicycle-a5a	www.lavender-bicycle-a5a.notion.site/Tenda-AC5-setSchedWifi_schedStartTime-21d53a41781f803f97eeddd9828c5c84
tenda	www.tenda.com.cn/

03 Oct 2025 20:07Current

8.8High risk

Vulners AI Score8.8

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.01566

SSVC