CVE-2025-30256

Summary

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TendaAC6 V5.0V02.03.01.110affected

Weaknesses

  • CWE-772: CWE-772: Missing Release of Resource after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References