CVE-2025-71026 in AX3
Summary
by MITRE • 01/13/2026
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/17/2026
The vulnerability identified as CVE-2025-71026 affects the Tenda AX-3 v16.03.12.10_CN router firmware, representing a critical stack overflow condition within the device's network management functionality. This flaw exists in the fromAdvSetMacMtuWan function where the wanSpeed2 parameter is processed without adequate input validation or bounds checking. The stack overflow occurs when maliciously crafted requests are sent to the affected device, specifically targeting the wanSpeed2 parameter which controls advanced network settings for the WAN interface.
The technical implementation of this vulnerability stems from improper memory management practices within the router's firmware codebase, where user-supplied input is directly processed into stack-based buffers without sufficient sanitization. According to CWE-121, this constitutes a classic stack buffer overflow vulnerability where the malicious input exceeds the allocated buffer space, potentially corrupting adjacent memory locations and causing unpredictable behavior. The vulnerability manifests through a remote attack vector, meaning that an attacker does not require physical access to the device to exploit this weakness.
The operational impact of CVE-2025-71026 extends beyond simple denial of service conditions, as the stack overflow can potentially lead to complete device compromise or unauthorized access to the router's administrative interface. Attackers leveraging this vulnerability can cause persistent service disruption by repeatedly triggering the overflow condition, rendering the router inoperable until manual intervention or firmware reflash occurs. The DoS condition affects all network services provided by the device, including internet connectivity, local network access, and any configured security features that depend on proper router operation.
Security professionals should note that this vulnerability aligns with ATT&CK technique T1210, which describes exploitation of remote services through buffer overflow attacks. The affected Tenda AX-3 device represents a common target for attackers seeking to establish persistent network footholds, particularly in environments where network infrastructure devices are not regularly updated or monitored for security vulnerabilities. Organizations should prioritize immediate firmware updates from Tenda, as recommended in NIST SP 800-128 guidelines for vulnerability remediation. Additional mitigations include network segmentation to limit access to administrative interfaces, implementation of intrusion detection systems to monitor for exploitation attempts, and regular security assessments of network infrastructure devices to identify similar vulnerabilities across the enterprise network.