Details of VAR-202508-2414

ID

VAR-202508-2414

CVE

CVE-2025-55603

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AX3 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012452

DESCRIPTION

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. Shenzhen Tenda Technology Co.,Ltd. of AX3 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. The Tenda AX3 is a dual-band gigabit wireless router for home use, launched by Tenda Technology. It supports the Wi-Fi 6 (802.11ax) standard and emphasizes high-performance network coverage and stable connections. This vulnerability stems from the fact that the ntpServer parameter in the fromSetSysTime function fails to properly validate the length of the input data. Attackers can exploit this vulnerability to cause a denial-of-service attack

Trust: 2.16

sources: NVD: CVE-2025-55603 // JVNDB: JVNDB-2025-012452 // CNVD: CNVD-2025-28850

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-28850

AFFECTED PRODUCTS

vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.10_cn	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	ax3 firmware 16.03.12.10 cn	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3 16.03.12.10 cn	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-28850 // JVNDB: JVNDB-2025-012452 // NVD: CVE-2025-55603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-55603
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55603
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-55603
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-28850
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-28850
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-55603
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55603
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-55603
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-28850 // JVNDB: JVNDB-2025-012452 // NVD: CVE-2025-55603 // NVD: CVE-2025-55603

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-012452 // NVD: CVE-2025-55603

EXTERNAL IDS

db:	NVD	id:	CVE-2025-55603	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-012452	Trust: 0.8
db:	CNVD	id:	CNVD-2025-28850	Trust: 0.6

sources: CNVD: CNVD-2025-28850 // JVNDB: JVNDB-2025-012452 // NVD: CVE-2025-55603

REFERENCES

url:	https://github.com/wudipjq/my_vuln/blob/main/tenda3/vuln_45/45.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2025-55603	Trust: 0.8

sources: CNVD: CNVD-2025-28850 // JVNDB: JVNDB-2025-012452 // NVD: CVE-2025-55603

SOURCES

db:	CNVD	id:	CNVD-2025-28850
db:	JVNDB	id:	JVNDB-2025-012452
db:	NVD	id:	CVE-2025-55603

LAST UPDATE DATE

2025-11-23T23:41:28.512000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-28850	date:	2025-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2025-012452	date:	2025-08-27T03:19:00
db:	NVD	id:	CVE-2025-55603	date:	2025-09-26T12:53:27.160

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-28850	date:	2025-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2025-012452	date:	2025-08-27T00:00:00
db:	NVD	id:	CVE-2025-55603	date:	2025-08-22T16:15:45.517