Tenda Ax3 Firmware vulnerabilities

CVE-2025-69765 [HIGH] CWE-121 CVE-2025-69765: Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list param Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.

CVE-2025-69764 [CRITICAL] CWE-121 CVE-2025-69764: Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function d Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

CVE-2025-69763 [CRITICAL] CWE-121 CVE-2025-69763: Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, w Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.

CVE-2025-69762 [CRITICAL] CWE-121 CVE-2025-69762: Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, whi Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.

CVE-2025-69766 [CRITICAL] CWE-121 CVE-2025-69766: Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function d Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.

CVE-2025-71026 [HIGH] CWE-787 CVE-2025-71026: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71023 [HIGH] CWE-121 CVE-2025-71023: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the f Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71027 [HIGH] CWE-787 CVE-2025-71027: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of th Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71025 [HIGH] CWE-787 CVE-2025-71025: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71024 [HIGH] CWE-787 CVE-2025-71024: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-65804 [MEDIUM] CWE-121 CVE-2025-65804: Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which ca Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).

CVE-2025-63149 [HIGH] CWE-121 CVE-2025-63149: Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the ge Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63455 [HIGH] CWE-121 CVE-2025-63455: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter i Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63147 [HIGH] CWE-787 CVE-2025-63147: Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of th Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63152 [HIGH] CWE-121 CVE-2025-63152: Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-63454 [HIGH] CWE-121 CVE-2025-63454: Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-55605 [HIGH] CWE-120 CVE-2025-55605: Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.

CVE-2025-55603 [HIGH] CWE-120 CVE-2025-55603: Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the nt Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.

CVE-2025-55606 [HIGH] CWE-120 CVE-2025-55606: Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via t Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.

CVE-2023-47422 [HIGH] CWE-284 CVE-2023-47422: An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.