Details of VAR-202601-4073

ID

VAR-202601-4073

CVE

CVE-2025-69763

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001995

DESCRIPTION

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-69763 // JVNDB: JVNDB-2026-001995

AFFECTED PRODUCTS

vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.11	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	eq	version:	ax3 firmware 16.03.12.11	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001995 // NVD: CVE-2025-69763

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69763
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-001995
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69763
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-001995
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001995 // NVD: CVE-2025-69763

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001995 // NVD: CVE-2025-69763

PATCH

title:

Tenda AX3 Buffer Overflow in formSetIptv (Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef8025a3c6c4b102d95dd4) Notion

url:

https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef8025a3c6c4b102d95dd4

Trust: 0.8

sources: JVNDB: JVNDB-2026-001995

EXTERNAL IDS

db:	NVD	id:	CVE-2025-69763	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001995	Trust: 0.8

sources: JVNDB: JVNDB-2026-001995 // NVD: CVE-2025-69763

REFERENCES

url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formsetiptv-2c9a595a7aef8025a3c6c4b102d95dd4	Trust: 1.0
url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formsetiptv-2c9a595a7aef8025a3c6c4b102d95dd4?source=copy_link	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-69763	Trust: 0.8

sources: JVNDB: JVNDB-2026-001995 // NVD: CVE-2025-69763

SOURCES

db:	JVNDB	id:	JVNDB-2026-001995
db:	NVD	id:	CVE-2025-69763

LAST UPDATE DATE

2026-01-30T23:54:14.236000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001995	date:	2026-01-28T03:34:00
db:	NVD	id:	CVE-2025-69763	date:	2026-01-26T20:37:36.303

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001995	date:	2026-01-28T00:00:00
db:	NVD	id:	CVE-2025-69763	date:	2026-01-21T18:16:24.157