CVE-2025-71026
Published: 13 January 2026
Summary
CVE-2025-71026 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda Ax3 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-71026, published on 2026-01-13, is a stack overflow vulnerability affecting the Tenda AX-3 router on firmware version v16.03.12.10_CN. The flaw occurs in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function, stemming from CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow). It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high severity for availability impacts.
Unauthenticated attackers with network access can exploit this vulnerability by sending a crafted request to the affected function, triggering a stack overflow that causes a Denial of Service (DoS). No user interaction or privileges are required, enabling remote exploitation with low complexity to crash the device and disrupt network services.
Details on the vulnerability, including likely proof-of-concept information, are documented in a GitHub repository at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/9/1.md. No official vendor advisories or patches are referenced in available data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2257
Vulnerability details
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of public-facing router web function (T1190) via crafted input triggers stack overflow for DoS (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Remediating the specific stack overflow flaw in the fromAdvSetMacMtuWan function's wanSpeed2 parameter directly eliminates the vulnerability causing unauthenticated remote DoS.
Validating the wanSpeed2 parameter bounds and format prevents crafted requests from triggering the stack-based buffer overflow.
Memory protections such as stack canaries, ASLR, and DEP mitigate exploitation of the stack overflow vulnerability to prevent device crashes.