PT-2026-3841 · Tenda · Tenda Ax3
Published
2026-01-21
·
Updated
2026-01-21
·
CVE-2025-69766
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda AX3 firmware version 16.03.12.11
Description
The Tenda AX3 firmware contains a stack-based buffer overflow in the
formGetIptv function. This is due to improper handling of the citytag stack buffer, potentially leading to memory corruption and remote code execution.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ax3