Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-69765 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-03-04 | N/A | 7.5 HIGH |
|
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
|
|||||
| CVE-2025-69764 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
|
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.
|
|||||
| CVE-2025-69766 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
|
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
|
|||||
| CVE-2025-69762 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
|
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.
|
|||||
| CVE-2025-69763 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
|
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.
|
|||||
| CVE-2025-71023 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-71024 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-71025 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-71027 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-71026 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-65804 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-12-11 | N/A | 6.5 MEDIUM |
|
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
|
|||||
| CVE-2025-63147 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-18 | N/A | 7.5 HIGH |
|
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-63149 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
|
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-63455 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-63152 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
|
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-63454 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
|
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
|
|||||
| CVE-2025-55606 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
|
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
|
|||||
| CVE-2025-55605 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
|
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
|
|||||
| CVE-2025-55603 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
|
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
|
|||||
| CVE-2023-51812 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
|
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.
|
|||||
| CVE-2023-47422 | 1 Tenda | 8 Ax12, Ax12 Firmware, Ax3 and 5 more | 2025-04-25 | N/A | 8.8 HIGH |
|
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
|
|||||
| CVE-2023-27239 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-02-27 | N/A | 9.8 CRITICAL |
|
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.
|
|||||
| CVE-2023-27042 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-02-20 | N/A | 8.8 HIGH |
|
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
|
|||||
| CVE-2023-49409 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
|
|||||
| CVE-2023-49408 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
|
|||||
| CVE-2023-40915 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.
|
|||||
| CVE-2023-27240 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
|
|||||
| CVE-2023-24212 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.
|
|||||
| CVE-2022-24995 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
|
|||||
| CVE-2022-24163 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
|
|||||
| CVE-2022-24162 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
|
|||||
| CVE-2022-24161 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.
|
|||||
| CVE-2022-24160 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
|
|||||
| CVE-2022-24159 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
|
|||||
| CVE-2022-24158 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
|
|||||
| CVE-2022-24157 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.
|
|||||
| CVE-2022-24156 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
|
|||||
| CVE-2022-24155 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
|
|||||
| CVE-2022-24154 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.
|
|||||
| CVE-2022-24153 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
|
|||||