Details of VAR-202601-3903

ID

VAR-202601-3903

CVE

CVE-2025-69764

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001994

DESCRIPTION

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-69764 // JVNDB: JVNDB-2026-001994

AFFECTED PRODUCTS

vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.11	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	eq	version:	ax3 firmware 16.03.12.11	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001994 // NVD: CVE-2025-69764

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69764
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-001994
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69764
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-001994
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001994 // NVD: CVE-2025-69764

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001994 // NVD: CVE-2025-69764

PATCH

title:

Tenda AX3 Buffer Overflow in formGetIptv (Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef80e9b90fdaa56f51374b) Notion

url:

https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef80e9b90fdaa56f51374b

Trust: 0.8

sources: JVNDB: JVNDB-2026-001994

EXTERNAL IDS

db:	NVD	id:	CVE-2025-69764	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001994	Trust: 0.8

sources: JVNDB: JVNDB-2026-001994 // NVD: CVE-2025-69764

REFERENCES

url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formgetiptv-2c9a595a7aef80e9b90fdaa56f51374b	Trust: 1.0
url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formgetiptv-2c9a595a7aef80e9b90fdaa56f51374b?source=copy_link	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-69764	Trust: 0.8

sources: JVNDB: JVNDB-2026-001994 // NVD: CVE-2025-69764

SOURCES

db:	JVNDB	id:	JVNDB-2026-001994
db:	NVD	id:	CVE-2025-69764

LAST UPDATE DATE

2026-01-29T23:47:07.614000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001994	date:	2026-01-28T03:34:00
db:	NVD	id:	CVE-2025-69764	date:	2026-01-26T20:39:22.757

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001994	date:	2026-01-28T00:00:00
db:	NVD	id:	CVE-2025-69764	date:	2026-01-22T16:16:07.660