CVE-2025-70744 in AX1806
Summary
by MITRE • 01/15/2026
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/15/2026
The vulnerability identified as CVE-2025-70744 affects the Tenda AX-1806 router firmware version 1.0.0.1, representing a critical stack overflow condition within the device's web interface handling mechanism. This flaw resides in the sub_65B5C function where the cloneType parameter is processed without adequate input validation or bounds checking, creating a predictable exploitation vector for remote attackers. The vulnerability specifically manifests when the device processes HTTP requests containing maliciously crafted cloneType values, leading to unauthorized memory manipulation that can result in system instability and complete service disruption.
The technical implementation of this stack overflow vulnerability follows established patterns that align with CWE-121 Stack-based Buffer Overflow, where insufficient boundary checks allow attackers to overwrite adjacent memory locations on the stack. The affected function processes user-supplied input directly without sanitization, enabling attackers to inject excessive data that exceeds the allocated buffer space. This condition creates a chain reaction where the program's execution flow becomes corrupted, potentially leading to arbitrary code execution or complete system crash. The vulnerability's remote exploitability means that attackers can trigger the condition through web-based interfaces without requiring physical access or local privileges, making it particularly dangerous for networked devices.
The operational impact of this vulnerability extends beyond simple denial of service, as it represents a fundamental security weakness that can be leveraged for more sophisticated attacks. When an attacker successfully exploits this vulnerability, they can cause the router to become unresponsive or reboot continuously, effectively rendering the network infrastructure unavailable to legitimate users. The DoS condition can persist until manual intervention occurs, potentially disrupting network connectivity for all devices connected to the affected router. This vulnerability particularly affects enterprise and residential networks where the router serves as a critical gateway component, potentially enabling broader network compromise scenarios.
Mitigation strategies for CVE-2025-70744 should prioritize immediate firmware updates from Tenda to address the underlying stack overflow condition. Network administrators should implement network segmentation to isolate affected devices and monitor for suspicious traffic patterns that may indicate exploitation attempts. The vulnerability's characteristics align with ATT&CK technique T1499.004 Network Denial of Service, where adversaries leverage software weaknesses to disrupt network services. Additionally, implementing web application firewalls and input validation controls can provide additional defense-in-depth measures. Organizations should also consider disabling unnecessary web management interfaces and restricting access to router administration functions to minimize the attack surface. Regular security audits and vulnerability assessments should be conducted to identify similar weaknesses in other network infrastructure components that may present analogous exploitation vectors.