Tenda AX3 Buffer Overflow Vulnerability in Time Synchronization Function

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AX3 router, specifically in version V16.03.12.10_CN. The issue arises in the fromSetSysTime function, where the ntpServer parameter is improperly handled, leading to potential memory corruption.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can commonly lead to arbitrary code execution or causing a denial-of-service condition.

Added: Aug 22, 2025, 4:19 PM

Updated: Aug 22, 2025, 6:50 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AX3 Buffer Overflow Vulnerability in Time Synchronization Function

Vulnerability

Impact

Affected Products

Tenda AX3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating