Skip to main content

Ax3 Firmware CVE-2025-55605

HIGH
Classic Buffer Overflow (CWE-120)
2025-08-22 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
PoC Detected
Sep 26, 2025 - 12:53 vuln.today
Public exploit code
CVE Published
Aug 22, 2025 - 16:15 nvd
HIGH 7.5

DescriptionCVE.org

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.

AnalysisAI

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. Affected products include: Tenda Ax3 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2023-51812 CRITICAL POC
9.8 Jan 04

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /

CVE-2025-69766 CRITICAL POC
9.8 Jan 21

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code executio

CVE-2025-69763 CRITICAL POC
9.8 Jan 21

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution t

CVE-2025-69762 CRITICAL POC
9.8 Jan 21

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to

CVE-2025-69764 CRITICAL POC
9.8 Jan 22

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remot

CVE-2023-49409 CRITICAL POC
9.8 Dec 07

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rate

CVE-2023-49408 CRITICAL POC
9.8 Dec 07

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. Rated critical sever

CVE-2023-27240 CRITICAL POC
9.8 Mar 15

Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/Ad

CVE-2023-27239 CRITICAL POC
9.8 Mar 15

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.

CVE-2023-24212 CRITICAL POC
9.8 Feb 23

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. Ra

CVE-2022-24995 CRITICAL POC
9.8 Mar 10

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. Rated critical seve

CVE-2023-27042 HIGH POC
8.8 Mar 24

Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. Rated high severity (CVSS 8.8), this

Share

CVE-2025-55605 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy