Every CVE whose affected-product data names Tenda Ax3 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (53)
CVE-2023-51812 — CVSS 9.8 (critical): Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at…
CVE-2022-24150 — CVSS 9.8 (critical): Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This…
CVE-2021-46394 — CVSS 9.8 (critical): There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is…
CVE-2022-24995 — CVSS 9.8 (critical): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to…
CVE-2023-24212 — CVSS 9.8 (critical): Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.
CVE-2023-49409 — CVSS 9.8 (critical): Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVE-2022-24144 — CVSS 9.8 (critical): Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This…
CVE-2023-27239 — CVSS 9.8 (critical): Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.
CVE-2023-27240 — CVSS 9.8 (critical): Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
CVE-2021-46393 — CVSS 9.8 (critical): There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is…
CVE-2025-69762 — CVSS 9.8 (critical): Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and…
CVE-2025-69763 — CVSS 9.8 (critical): Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and…
CVE-2025-69764 — CVSS 9.8 (critical): Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid…
CVE-2022-24148 — CVSS 9.8 (critical): Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows…
CVE-2025-69766 — CVSS 9.8 (critical): Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag…
CVE-2023-47422 — CVSS 8.8 (high): An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda…
CVE-2022-24162 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows…
CVE-2022-24163 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to…
CVE-2023-40915 — CVSS 7.5 (high): Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows…
CVE-2025-55603 — CVSS 7.5 (high): Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
CVE-2025-55605 — CVSS 7.5 (high): Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
CVE-2025-55606 — CVSS 7.5 (high): Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
CVE-2025-63147 — CVSS 7.5 (high): Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This…
CVE-2025-63149 — CVSS 7.5 (high): Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function…
CVE-2025-63152 — CVSS 7.5 (high): Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function…
CVE-2025-63454 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info…
CVE-2025-63455 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function…
CVE-2025-69765 — CVSS 7.5 (high): Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption…
CVE-2025-71023 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This…
CVE-2025-71024 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function…
CVE-2025-71025 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This…
CVE-2025-71026 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This…
CVE-2025-71027 — CVSS 7.5 (high): Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This…
CVE-2022-24142 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows…
CVE-2022-24143 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set…
CVE-2022-24145 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers…
CVE-2022-24146 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to…
CVE-2022-24147 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows…
CVE-2022-24149 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows…
CVE-2022-24151 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows…
CVE-2022-24152 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows…
CVE-2022-24153 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows…
CVE-2022-24154 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows…
CVE-2022-24155 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to…
CVE-2022-24156 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers…
CVE-2022-24157 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows…
CVE-2022-24158 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers…
CVE-2022-24159 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers…
CVE-2022-24160 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers…
CVE-2022-24161 — CVSS 7.5 (high): Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows…
CVE-2025-65804 — CVSS 6.5 (medium): Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable…