Details of VAR-202601-1302

ID

VAR-202601-1302

CVE

CVE-2025-71027

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AX3 Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001561

DESCRIPTION

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-71027 // JVNDB: JVNDB-2026-001561

AFFECTED PRODUCTS

vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.10_cn	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	eq	version:	ax3 firmware 16.03.12.10_cn	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001561 // NVD: CVE-2025-71027

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-71027
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-71027
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-71027
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-71027
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2025-71027
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001561 // NVD: CVE-2025-71027 // NVD: CVE-2025-71027

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001561 // NVD: CVE-2025-71027

PATCH

title:

VulnbyCola/Tenda/AX-3/8/1.md at main 0-fool/VulnbyCola GitHub

url:

https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/8/1.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-001561

EXTERNAL IDS

db:	NVD	id:	CVE-2025-71027	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001561	Trust: 0.8

sources: JVNDB: JVNDB-2026-001561 // NVD: CVE-2025-71027

REFERENCES

url:	https://github.com/0-fool/vulnbycola/blob/main/tenda/ax-3/8/1.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-71027	Trust: 0.8

sources: JVNDB: JVNDB-2026-001561 // NVD: CVE-2025-71027

SOURCES

db:	JVNDB	id:	JVNDB-2026-001561
db:	NVD	id:	CVE-2025-71027

LAST UPDATE DATE

2026-01-21T23:42:35.293000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001561	date:	2026-01-19T10:40:00
db:	NVD	id:	CVE-2025-71027	date:	2026-01-16T18:24:14.237

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001561	date:	2026-01-19T00:00:00
db:	NVD	id:	CVE-2025-71027	date:	2026-01-13T16:16:05.630