How to fix CVE-2025-69764?

Within 24 hours: Inventory all Tenda AX3 devices in your network and isolate affected units from production environments if operationally feasible. Within 7 days: Implement network segmentation to restrict access to vulnerable devices and deploy WAF rules to block malicious payloads targeting the formGetIptv function. Within 30 days: Replace affected Tenda AX3 units with alternative vendors or await vendor patch release; monitor Tenda security advisories daily for patch availability.

Is Stack Overflow affected by CVE-2025-69764?

A critical remote code execution vulnerability (CVE-2025-69764) affects Tenda AX3 routers running firmware v16.03.12.11, with a CVSS score of 9.8 and active public exploits.

CVE-2025-69764

CRITICAL

2026-01-22 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 26, 2026 - 20:39 vuln.today

Public exploit code

CVE Published

Jan 22, 2026 - 16:16 nvd

CRITICAL 9.8

Description

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

Analysis

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.

Technical Context

Another CWE-121 stack-based buffer overflow in the formGetIptv function of Tenda AX3 firmware v16.03.12.11, exploitable through a different parameter than the previously discovered overflow (CVE-2025-69766).

Affected Products

['Tenda AX3 firmware v16.03.12.11']

Remediation

Update firmware. Replace Tenda AX3 if no firmware updates are available.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: +20

CVE-2025-69764 vulnerability details – vuln.today

Back

CVE-2025-69764

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-69764

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code