Tenda AX3 Stack Overflow Vulnerability in formSetIptv Allowing Remote Code Execution

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX3 firmware version 16.03.12.11. The issue arises in the formSetIptv function, where the vlanId parameter is improperly handled. This vulnerability can lead to memory corruption and potentially allow for remote code execution.

Impact

Exploitation of this vulnerability can result in a stack-based buffer overflow, causing memory corruption and enabling remote code execution on the affected device.

Added: Jan 21, 2026, 6:49 PM

Updated: Jan 21, 2026, 6:49 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

7.0

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

7.0

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AX3 Stack Overflow Vulnerability in formSetIptv Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

Tenda AX3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating