Skip to main content

Ax3 Firmware CVE-2023-27239

CRITICAL
Out-of-bounds Write (CWE-787)
2023-03-15 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 15, 2023 - 06:15 nvd
CRITICAL 9.8

DescriptionNVD

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.

AnalysisAI

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. Affected products include: Tenda Ax3 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2023-51812 CRITICAL POC
9.8 Jan 04

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /

CVE-2025-69766 CRITICAL POC
9.8 Jan 21

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code executio

CVE-2025-69763 CRITICAL POC
9.8 Jan 21

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution t

CVE-2025-69762 CRITICAL POC
9.8 Jan 21

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to

CVE-2025-69764 CRITICAL POC
9.8 Jan 22

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remot

CVE-2023-49409 CRITICAL POC
9.8 Dec 07

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rate

CVE-2023-49408 CRITICAL POC
9.8 Dec 07

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. Rated critical sever

CVE-2023-27240 CRITICAL POC
9.8 Mar 15

Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/Ad

CVE-2023-24212 CRITICAL POC
9.8 Feb 23

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. Ra

CVE-2022-24995 CRITICAL POC
9.8 Mar 10

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. Rated critical seve

CVE-2023-27042 HIGH POC
8.8 Mar 24

Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. Rated high severity (CVSS 8.8), this

CVE-2025-69765 HIGH POC
7.5 Mar 03

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can caus

Share

CVE-2023-27239 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy