AX3
by Tenda
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-71023 | 0.00 | — | 0.00 | Jan 13, 2026 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-71026 | 0.00 | — | 0.00 | Jan 13, 2026 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-71024 | 0.00 | — | 0.00 | Jan 13, 2026 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-65804 | 0.00 | — | 0.00 | Dec 8, 2025 | Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). | |||
| CVE-2025-63152 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63149 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63455 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63147 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63454 | 0.00 | — | 0.00 | Oct 31, 2025 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-55606 | 0.00 | — | 0.00 | Aug 22, 2025 | Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. | |||
| CVE-2025-55603 | 0.00 | — | 0.00 | Aug 22, 2025 | Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. | |||
| CVE-2025-55605 | 0.00 | — | 0.00 | Aug 22, 2025 | Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. | |||
| CVE-2023-47422 | 0.00 | — | 0.00 | Feb 20, 2024 | An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. |
- CVE-2025-71023Jan 13, 2026risk 0.00cvss —epss 0.00
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-71026Jan 13, 2026risk 0.00cvss —epss 0.00
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-71024Jan 13, 2026risk 0.00cvss —epss 0.00
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-65804Dec 8, 2025risk 0.00cvss —epss 0.00
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
- CVE-2025-63152Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63149Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63455Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63147Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63454Oct 31, 2025risk 0.00cvss —epss 0.00
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-55606Aug 22, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
- CVE-2025-55603Aug 22, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
- CVE-2025-55605Aug 22, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
- CVE-2023-47422Feb 20, 2024risk 0.00cvss —epss 0.00
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
Page 3 of 3