CVE-2025-71023
Published: 13 January 2026
Summary
CVE-2025-71023 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ax3 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 22.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
A stack overflow in the router's public-facing web interface (fromAdvSetMacMtuWan) lets an unauthenticated remote attacker cause a DoS with a crafted request, which matches exploitation of a public-facing application.
NVD Description
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Deeper analysis (AI)
CVE-2025-71023 is a stack overflow vulnerability in the Tenda AX-3 router running firmware version v16.03.12.10_CN. The flaw occurs in the mac2 parameter of the fromAdvSetMacMtuWan function, which can be triggered by a crafted request.
Remote attackers can exploit this vulnerability over the network with no privileges, authentication, or user interaction required. Successful exploitation leads to a Denial of Service (DoS) condition, with no impact on confidentiality or integrity. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-121 (Stack-based Buffer Overflow).
Additional details are available in the referenced advisory at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/11/1.md.
Details
- CWE(s)