Primary

Context

Tenda AX-3 Stack Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX-3 router, specifically in version v16.03.12.10_CN. The issue arises in the 'fromSetWifiGusetBasic' function, where the 'shareSpeed' parameter is processed without proper length validation. This flaw allows attackers to send crafted requests that trigger the overflow, causing a denial-of-service condition by crashing the router and disrupting its normal service.

Impact

Exploitation of this vulnerability causes the router to crash, leading to a persistent denial-of-service condition where the device fails to provide normal services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/WifiGuestSet' endpoint with a 'shareSpeed' parameter containing an excessively long string. This can be done using a script that automates the request, such as one written in Python using the 'requests' library.

Added: Nov 10, 2025, 5:21 PM

Updated: Nov 10, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.9

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.9

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AX-3 Stack Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating