CVE-2025-69762 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-69762?

CVE-2025-69762 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploiting a stack overflow in the formSetIptv function. Attackers can send specially crafted requests to trigger memory corruption and gain control of affected devices. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploiting a stack overflow in the formSetIptv function. Attackers can send specially crafted requests to trigger memory corruption and gain control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda AX3 router

Versions: Firmware v16.03.12.11

Operating Systems: Embedded Linux on Tenda AX3 hardware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability is in the web management interface which is typically enabled by default. Older versions may also be affected but only v16.03.12.11 is confirmed.

📦 What is this software?

Ax3 Firmware by Tenda

View all CVEs affecting Ax3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to install persistent malware, intercept network traffic, pivot to internal networks, and use the device for botnet activities.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and use as a proxy for malicious activities.

🟢

If Mitigated

Limited impact if the router is behind a firewall with strict inbound filtering and the vulnerable service is not internet-facing.

🌐 Internet-Facing: HIGH - The vulnerable service is typically accessible via web interface which may be exposed to the internet on default configurations.

🏢 Internal Only: HIGH - Even internally, any compromised device on the network could exploit this vulnerability to take over the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The references contain technical analysis and likely exploit code. The high CVSS score and remote unauthenticated nature make weaponization probable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available at this time

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for AX3. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the router's web interface

Restrict web interface access

all

Limit which IP addresses can access the router admin interface

🧯 If You Can't Patch

Isolate the router on a separate VLAN with strict firewall rules
Implement network monitoring for unusual traffic patterns from the router

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or System Tools

Check Version:

Login to router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version is no longer v16.03.12.11 after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to formSetIptv endpoint
Multiple failed login attempts followed by successful formSetIptv access
Router logs showing unexpected reboots or configuration changes

Network Indicators:

Unusual outbound connections from router IP
DNS queries to suspicious domains from router
Traffic patterns suggesting router is acting as proxy

SIEM Query:

source="router_logs" AND (uri="/goform/formSetIptv" OR message="formSetIptv")

📊 Metadata

CVE ID: CVE-2025-69762

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

EPSS Score: 0.29% exploit probability (52.2th percentile)

Published: January 21, 2026

Last Updated: January 26, 2026

🔗 References

https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef80718ff2c3869d32392d Exploit,Third Party Advisory
https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef80718ff2c3869d32392d?pvs=74 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-69762, you might also want to check these: