Ax9 Firmware
by Tenda
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14636 | Low | 0.24 | 3.7 | 0.00 | Dec 13, 2025 | A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is… | ||
| CVE-2025-69765 | 0.00 | — | 0.01 | Mar 3, 2026 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. | |||
| CVE-2025-69764 | 0.00 | — | 0.01 | Jan 22, 2026 | Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution. | |||
| CVE-2025-69766 | 0.00 | — | 0.01 | Jan 21, 2026 | Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution. | |||
| CVE-2025-69762 | 0.00 | — | 0.01 | Jan 21, 2026 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution. | |||
| CVE-2025-69763 | 0.00 | — | 0.01 | Jan 21, 2026 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution. | |||
| CVE-2024-40415 | 0.00 | — | 0.00 | Jul 15, 2024 | A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||
| CVE-2024-40414 | 0.00 | — | 0.00 | Jul 15, 2024 | A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||
| CVE-2024-40416 | 0.00 | — | 0.01 | Jul 15, 2024 | A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. |
- risk 0.24cvss 3.7epss 0.00
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is…
- CVE-2025-69765Mar 3, 2026risk 0.00cvss —epss 0.01
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
- CVE-2025-69764Jan 22, 2026risk 0.00cvss —epss 0.01
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.
- CVE-2025-69766Jan 21, 2026risk 0.00cvss —epss 0.01
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
- CVE-2025-69762Jan 21, 2026risk 0.00cvss —epss 0.01
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.
- CVE-2025-69763Jan 21, 2026risk 0.00cvss —epss 0.01
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.
- CVE-2024-40415Jul 15, 2024risk 0.00cvss —epss 0.00
A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
- CVE-2024-40414Jul 15, 2024risk 0.00cvss —epss 0.00
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
- CVE-2024-40416Jul 15, 2024risk 0.00cvss —epss 0.01
A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.