CVE-2025-63152 in AX3
Summary
by MITRE • 11/10/2025
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 11/10/2025
The vulnerability identified as CVE-2025-63152 affects the Tenda AX3 router firmware version V16.03.12.10_CN, specifically within the wlSetExternParameter function where a stack overflow occurs in the wpapsk_crypto parameter handling. This represents a critical security flaw that stems from inadequate input validation and memory management within the router's wireless configuration interface. The vulnerability exists in the embedded web server component responsible for processing wireless security parameters, making it accessible through network-based attacks that exploit the router's HTTP interface.
The technical exploitation of this stack overflow vulnerability occurs when an attacker crafts a malicious HTTP request containing an oversized or malformed wpapsk_crypto parameter value. This parameter is used to configure WPA-PSK cryptographic settings for wireless networks, and the insufficient bounds checking allows the input data to overwrite adjacent memory locations on the stack. The flaw falls under CWE-121 Stack-based Buffer Overflow, which is classified as a fundamental memory safety issue where data written to a buffer exceeds its allocated memory boundaries. The vulnerability demonstrates poor defensive programming practices where the system fails to validate input length and content before processing, creating an exploitable condition that can be triggered through remote network access.
The operational impact of this vulnerability extends beyond simple denial of service as it provides attackers with a potential pathway for more sophisticated attacks. While the immediate effect is a device crash or reboot that results in service disruption, the underlying memory corruption could potentially be leveraged for arbitrary code execution if attackers can control the overflow pattern. The router's wireless security functionality becomes compromised, potentially allowing unauthorized network access or complete system takeover. This vulnerability affects network availability and security, particularly in environments where wireless access points are centrally managed and where persistent network access is required for business operations.
Mitigation strategies for CVE-2025-63152 should prioritize immediate firmware updates from Tenda to address the stack overflow condition in the wlSetExternParameter function. Network administrators should implement network segmentation and access controls to limit exposure of affected devices to untrusted networks, utilizing firewalls and access control lists to restrict HTTP access to router management interfaces. The vulnerability aligns with ATT&CK technique T1210 Exploitation of Remote Services, where adversaries target network services to gain system access. Organizations should also consider implementing intrusion detection systems that can identify malformed HTTP requests targeting the specific parameter, while monitoring for unusual network traffic patterns that may indicate exploitation attempts. Regular security assessments and vulnerability scanning of network infrastructure should include checks for similar buffer overflow conditions in embedded systems, as this represents a common class of flaws in IoT and networking equipment that requires continuous monitoring and patch management processes.