Cyber Resilience

CVE-2025-71026

HighPublic PoC

Published: 13 January 2026

Published
13 January 2026
Modified
16 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0009 26.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-71026 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda Ax3 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-71026, published on 2026-01-13, is a stack overflow vulnerability affecting the Tenda AX-3 router on firmware version v16.03.12.10_CN. The flaw occurs in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function, stemming from CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow). It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high severity for availability impacts.

Unauthenticated attackers with network access can exploit this vulnerability by sending a crafted request to the affected function, triggering a stack overflow that causes a Denial of Service (DoS). No user interaction or privileges are required, enabling remote exploitation with low complexity to crash the device and disrupt network services.

Details on the vulnerability, including likely proof-of-concept information, are documented in a GitHub repository at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/9/1.md. No official vendor advisories or patches are referenced in available data.

EU & UK References

Vulnerability details

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated exploitation of public-facing router web function (T1190) via crafted input triggers stack overflow for DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71027Same product: Tenda Ax3
CVE-2025-71024Same product: Tenda Ax3
CVE-2025-71025Same product: Tenda Ax3
CVE-2025-71023Same product: Tenda Ax3
CVE-2025-69764Same product: Tenda Ax3
CVE-2025-69766Same product: Tenda Ax3
CVE-2025-69765Same product: Tenda Ax3
CVE-2025-69763Same product: Tenda Ax3
CVE-2025-69762Same product: Tenda Ax3
CVE-2025-55606Same product: Tenda Ax3

Affected Assets

tenda
ax3 firmware
16.03.12.10_cn

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Remediating the specific stack overflow flaw in the fromAdvSetMacMtuWan function's wanSpeed2 parameter directly eliminates the vulnerability causing unauthenticated remote DoS.

prevent

Validating the wanSpeed2 parameter bounds and format prevents crafted requests from triggering the stack-based buffer overflow.

prevent

Memory protections such as stack canaries, ASLR, and DEP mitigate exploitation of the stack overflow vulnerability to prevent device crashes.

References