Tenda M3 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda M3 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda M3 Firmware. Last year, in 2025 M3 Firmware had 7 security vulnerabilities published. Right now, M3 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 8.80 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new M3 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda M3 Firmware Security Vulnerabilities
A vulnerability has been found in Tenda M3 1.0.0.13(4903)
CVE-2025-15253
8.8 - High
- December 30, 2025
A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Stack Overflow
A flaw has been found in Tenda M3 1.0.0.13(4903)
CVE-2025-15252
8.8 - High
- December 30, 2025
A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Stack Overflow
A weakness has been identified in Tenda M3 1.0.0.13(4903)
CVE-2025-15234
8.8 - High
- December 30, 2025
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Heap-based Buffer Overflow
A security flaw has been discovered in Tenda M3 1.0.0.13(4903)
CVE-2025-15233
8.8 - High
- December 30, 2025
A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Heap-based Buffer Overflow
A vulnerability was identified in Tenda M3 1.0.0.13(4903)
CVE-2025-15232
8.8 - High
- December 30, 2025
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Stack Overflow
A vulnerability was determined in Tenda M3 1.0.0.13(4903)
CVE-2025-15231
8.8 - High
- December 30, 2025
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Stack Overflow
A vulnerability was found in Tenda M3 1.0.0.13(4903)
CVE-2025-15230
8.8 - High
- December 30, 2025
A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Heap-based Buffer Overflow
Tenda M3 v1.0.0.12 Stack Overflow via Upgrade
CVE-2023-51092
9.8 - Critical
- December 26, 2023
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda M3 Firmware or by Tenda? Click the Watch button to subscribe.
