VYPR

AX3

by Tenda

CVEs (53)

  • CVE-2025-71023Jan 13, 2026
    risk 0.00cvss epss 0.00

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-71026Jan 13, 2026
    risk 0.00cvss epss 0.00

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-71024Jan 13, 2026
    risk 0.00cvss epss 0.00

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-65804Dec 8, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).

  • CVE-2025-63152Nov 10, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63149Nov 10, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63455Nov 10, 2025
    risk 0.00cvss epss 0.00

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63147Nov 10, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63454Oct 31, 2025
    risk 0.00cvss epss 0.00

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-55606Aug 22, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.

  • CVE-2025-55603Aug 22, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.

  • CVE-2025-55605Aug 22, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.

  • CVE-2023-47422Feb 20, 2024
    risk 0.00cvss epss 0.00

    An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.

Page 3 of 3