Tenda AX3 Buffer Overflow

MEDIUM (6.5) No Patch (6 days)

Threat Intelligence

Low Risk
EPSS Score: 0.07% chance of exploitation (percentile: 21%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Tenda AX3 is a networking device used for managing IPTV services. The vulnerability in Tenda AX3 v16.03.12.11 is a buffer overflow: an attacker who sends a malicious string via the iptvType parameter can corrupt memory and execute arbitrary code on the device, potentially leading to remote code execution (RCE).

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Tenda / AX3

How to fix

  1. Upgrade to Tenda AX3 version 16.03.12.12 or later from the official Tenda website.
  2. Immediate mitigations:
     - Restrict network access to your Tenda AX3 instance (firewall it from the public internet).
     - Audit iptvType parameter usage for suspicious patterns.
