CVE-2025-71019 in AX1806
Summary
by MITRE • 01/15/2026
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 01/15/2026
The vulnerability identified as CVE-2025-71019 affects the Tenda AX-1806 router model running firmware version 1.0.0.1 and represents a critical stack overflow condition within the device's web interface handling logic. This flaw exists in the sub_65B5C function where the wanSpeed parameter is processed without adequate input validation or bounds checking, creating an exploitable condition that can be leveraged by remote attackers to disrupt normal device operations.
The technical implementation of this vulnerability stems from improper memory management practices within the router's firmware codebase, specifically when handling user-supplied data through the web administration interface. When an attacker crafts a malicious HTTP request containing an overly long or malformed wanSpeed parameter value, the application fails to properly validate the input length before copying it to a fixed-size stack buffer. This classic buffer overflow scenario occurs because the code does not perform adequate bounds checking or string length validation before executing the memory copy operation, allowing the attacker to overwrite adjacent stack memory locations and potentially corrupt the program execution flow.
From an operational perspective, this vulnerability creates a significant risk for network administrators and end users who rely on the Tenda AX-1806 for their networking infrastructure. The denial of service condition can result in complete loss of network connectivity for devices connected to the affected router, as the stack overflow will likely cause the web interface service to crash or become unresponsive. The impact extends beyond simple service disruption since many users may not have physical access to the device to perform manual restarts, particularly in enterprise environments where remote management is preferred. This vulnerability can be exploited remotely without authentication requirements, making it particularly dangerous as attackers can trigger the DoS condition from any network location with access to the device's web interface.
The vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and represents a clear violation of secure coding practices recommended by the CERT/CC Secure Coding Standards. According to ATT&CK framework, this vulnerability maps to T1499.004 which covers network denial of service attacks, and T1595.001 which involves network scanning and reconnaissance activities. The attack surface is particularly concerning as it affects a consumer-grade router that many users may not regularly update, creating a persistent risk for home and small office networks. Organizations should consider implementing network segmentation and monitoring for unusual traffic patterns that might indicate exploitation attempts, while also prioritizing firmware updates once available from the vendor to address this stack overflow condition.
Mitigation strategies should include immediate network monitoring for suspicious requests targeting the wanSpeed parameter, implementation of network access controls to limit exposure of the affected device's web interface, and preparation for firmware updates once released by Tenda. Network administrators should also consider disabling unnecessary web management interfaces when possible and implementing intrusion detection systems that can identify malformed HTTP requests targeting known vulnerable parameters. The vulnerability demonstrates the critical importance of input validation and secure coding practices in embedded network devices, where resource constraints often lead to inadequate security measures that can be exploited by attackers with minimal technical expertise.