Details of VAR-202512-0339

ID

VAR-202512-0339

CVE

CVE-2025-65804

TITLE

Tenda Ax3 buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-30563

DESCRIPTION

Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). The Tenda Ax3 is an Ax1800 gigabit dual-band Wi-Fi 6 wireless router manufactured by Tenda, a Chinese company. Version 16.03.12.11 of the Tenda Ax3 contains a buffer overflow vulnerability. This vulnerability stems from the iptvType parameter failing to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack

Trust: 1.44

sources: NVD: CVE-2025-65804 // CNVD: CNVD-2025-30563

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-30563

AFFECTED PRODUCTS

vendor:

tenda

model:

ax3

scope:

version:

16.03.12.11

Trust: 1.6

sources: CNVD: CNVD-2025-30563 // NVD: CVE-2025-65804

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-65804
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-30563
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-30563
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-65804
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-30563 // NVD: CVE-2025-65804

PROBLEMTYPE DATA

problemtype:

CWE-121

Trust: 1.0

sources: NVD: CVE-2025-65804

EXTERNAL IDS

db:	NVD	id:	CVE-2025-65804	Trust: 1.6
db:	CNVD	id:	CNVD-2025-30563	Trust: 0.6

sources: CNVD: CNVD-2025-30563 // NVD: CVE-2025-65804

REFERENCES

url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formsetiptv-2aaa595a7aef8072968edc528a2d95b1	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-65804	Trust: 0.6

sources: CNVD: CNVD-2025-30563 // NVD: CVE-2025-65804

SOURCES

db:	CNVD	id:	CNVD-2025-30563
db:	NVD	id:	CVE-2025-65804

LAST UPDATE DATE

2025-12-19T19:39:42.661000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-30563	date:	2025-12-12T00:00:00
db:	NVD	id:	CVE-2025-65804	date:	2025-12-11T00:03:09.970

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-30563	date:	2025-12-12T00:00:00
db:	NVD	id:	CVE-2025-65804	date:	2025-12-08T18:15:53.980