CVE-2025-69763 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-69763?

CVE-2025-69763 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploiting a stack overflow in the formSetIptv function via the vlanId parameter. Attackers can achieve full system compromise, potentially taking complete control of affected devices. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploiting a stack overflow in the formSetIptv function via the vlanId parameter. Attackers can achieve full system compromise, potentially taking complete control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda AX3 router

Versions: v16.03.12.11

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface which is typically enabled by default on both LAN and WAN interfaces.

📦 What is this software?

Ax3 Firmware by Tenda

View all CVEs affecting Ax3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover enabling persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.

🟠

Likely Case

Remote code execution leading to device compromise, credential theft, DNS hijacking, and use as pivot point for internal network attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict ingress filtering and network segmentation, though internal threats remain.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.

🏢 Internal Only: HIGH - Even if not internet-facing, internal attackers or malware could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is in a web interface function and appears to be remotely exploitable without authentication based on the CWE-121 classification and CVSS score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates. 2. If update available, download from official source. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload new firmware file. 6. Wait for upgrade to complete. 7. Verify new firmware version.

🔧 Temporary Workarounds

Disable remote management

all

Disable web management interface on WAN/Internet-facing interface

Network segmentation

all

Place router in isolated network segment with strict firewall rules

🧯 If You Can't Patch

Isolate affected devices from critical networks using VLANs or physical segmentation
Implement strict firewall rules to block all unnecessary inbound traffic to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Status or Firmware Upgrade section

Check Version:

Check via web interface or SSH if enabled: cat /proc/version or similar firmware version file

Verify Fix Applied:

Verify firmware version is no longer v16.03.12.11 after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to formSetIptv endpoint
Large vlanId parameter values in HTTP logs
Crash logs or core dumps from router processes

Network Indicators:

Exploit traffic patterns to router management interface
Unusual outbound connections from router after compromise

SIEM Query:

source="router_logs" AND (uri="/goform/setIptv" OR uri="/goform/formSetIptv") AND (param="vlanId" AND length(value)>100)

📊 Metadata

CVE ID: CVE-2025-69763

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

EPSS Score: 0.29% exploit probability (52.2th percentile)

Published: January 21, 2026

Last Updated: January 26, 2026

🔗 References

https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef8025a3c6c4b102d95dd4 Exploit,Third Party Advisory
https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2c9a595a7aef8025a3c6c4b102d95dd4?source=copy_link Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-69763, you might also want to check these: