Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-69764 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
| Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution. | |||||
| CVE-2025-69766 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
| Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution. | |||||
| CVE-2025-69762 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
| Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution. | |||||
| CVE-2025-69763 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
| Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution. | |||||
| CVE-2025-71023 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71024 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71025 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71027 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71026 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-65804 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-12-11 | N/A | 6.5 MEDIUM |
| Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). | |||||
| CVE-2025-63147 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-18 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63149 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63455 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63152 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63454 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-55606 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. | |||||
| CVE-2025-55605 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. | |||||
| CVE-2025-55603 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. | |||||
| CVE-2023-51812 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. | |||||
| CVE-2023-47422 | 1 Tenda | 8 Ax12, Ax12 Firmware, Ax3 and 5 more | 2025-04-25 | N/A | 8.8 HIGH |
| An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. | |||||