Tenda AX3 Stack Overflow Vulnerability in formGetIptv Function Allowing Remote Code Execution

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX3 firmware version 16.03.12.11. The issue arises in the formGetIptv function, where the list parameter is improperly handled, leading to memory corruption. This vulnerability can be exploited to execute remote code on the device.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Added: Mar 3, 2026, 6:20 PM

Updated: Mar 3, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

6.4

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

6.4

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AX3 Stack Overflow Vulnerability in formGetIptv Function Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

Tenda AX3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating