CVE-2025-65804

Name of the Vulnerable Software and Affected Versions Tenda AX3 version 16.03.12.11

Description The Tenda AX3 version 16.03.12.11 contains a stack overflow in the formSetIptv function through the iptvType parameter. This flaw can lead to memory corruption and potentially allow for remote code execution (RCE). The vulnerable API endpoint is formSetIptv and the vulnerable parameter is iptvType.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the formSetIptv function until a patch is available.