Tenda AX3 Stack Overflow Vulnerability in formSetIptv Allowing Remote Code Execution

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX3 firmware version 16.03.12.11. The issue arises in the formSetIptv function, where the list parameter is improperly handled, leading to memory corruption. This vulnerability can be exploited to execute remote code on the device.

Impact

Exploitation of this vulnerability can lead to memory corruption and allow for remote code execution on the affected device.

Added: Jan 21, 2026, 6:51 PM

Updated: Jan 21, 2026, 6:51 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

3.9

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

3.9

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AX3 Stack Overflow Vulnerability in formSetIptv Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

Tenda AX3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating