Details of VAR-202603-0585

ID

VAR-202603-0585

CVE

CVE-2025-69765

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AX3 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-006175

DESCRIPTION

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-69765 // JVNDB: JVNDB-2026-006175

AFFECTED PRODUCTS

vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.11	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	ax3 firmware 16.03.12.11	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006175 // NVD: CVE-2025-69765

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69765
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-006175
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-69765
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-006175
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006175 // NVD: CVE-2025-69765

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006175 // NVD: CVE-2025-69765

PATCH

title:

Tenda AX3 Buffer Overflow in formGetIptv (Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef809db06fc8677ad4b2ba) Notion

url:

https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formGetIptv-2c9a595a7aef809db06fc8677ad4b2ba

Trust: 0.8

sources: JVNDB: JVNDB-2026-006175

EXTERNAL IDS

db:	NVD	id:	CVE-2025-69765	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006175	Trust: 0.8

sources: JVNDB: JVNDB-2026-006175 // NVD: CVE-2025-69765

REFERENCES

url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formgetiptv-2c9a595a7aef809db06fc8677ad4b2ba	Trust: 1.0
url:	https://river-brow-763.notion.site/tenda-ax3-buffer-overflow-in-formgetiptv-2c9a595a7aef809db06fc8677ad4b2ba?source=copy_link	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-69765	Trust: 0.8

sources: JVNDB: JVNDB-2026-006175 // NVD: CVE-2025-69765

SOURCES

db:	JVNDB	id:	JVNDB-2026-006175
db:	NVD	id:	CVE-2025-69765

LAST UPDATE DATE

2026-03-09T23:39:15.050000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006175	date:	2026-03-06T06:39:00
db:	NVD	id:	CVE-2025-69765	date:	2026-03-04T14:04:54.033

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006175	date:	2026-03-06T00:00:00
db:	NVD	id:	CVE-2025-69765	date:	2026-03-03T18:16:24.193