A vulnerability classified as critical has been found in Tenda AC6 15.03.06.23. Impacted is the function fromSetSysTime. This manipulation of the argument ntpServer causes buffer overflow.

The identification of this vulnerability is CVE-2025-55499. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.