Details of VAR-202601-3750

ID

VAR-202601-3750

CVE

CVE-2025-69762

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001996

DESCRIPTION

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-69762 // JVNDB: JVNDB-2026-001996

AFFECTED PRODUCTS

vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.11	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	eq	version:	ax3 firmware 16.03.12.11	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001996 // NVD: CVE-2025-69762

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69762
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-001996
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69762
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-001996
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001996 // NVD: CVE-2025-69762

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001996 // NVD: CVE-2025-69762

PATCH

title:

Tenda AX3 Buffer Overflow in formSetIptv (Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef80718ff2c3869d32392d) Notion

url:

https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef80718ff2c3869d32392d

Trust: 0.8

sources: JVNDB: JVNDB-2026-001996

EXTERNAL IDS

db:	NVD	id:	CVE-2025-69762	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001996	Trust: 0.8

sources: JVNDB: JVNDB-2026-001996 // NVD: CVE-2025-69762

REFERENCES

url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formsetiptv-2c9a595a7aef80718ff2c3869d32392d?pvs=74	Trust: 1.0
url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formsetiptv-2c9a595a7aef80718ff2c3869d32392d	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-69762	Trust: 0.8

sources: JVNDB: JVNDB-2026-001996 // NVD: CVE-2025-69762

SOURCES

db:	JVNDB	id:	JVNDB-2026-001996
db:	NVD	id:	CVE-2025-69762

LAST UPDATE DATE

2026-01-29T23:48:19.148000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001996	date:	2026-01-28T03:34:00
db:	NVD	id:	CVE-2025-69762	date:	2026-01-26T20:38:07.200

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001996	date:	2026-01-28T00:00:00
db:	NVD	id:	CVE-2025-69762	date:	2026-01-21T18:16:24.053