Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-70645

CVE-2025-70645: Tenda AX-1806 Stack Overflow DoS Vulnerability

CVE-2025-70645 is a stack overflow vulnerability in Tenda AX-1806 routers that enables attackers to trigger Denial of Service conditions. This article covers the technical details, affected versions, impact, and mitigation.

Published:

CVE-2025-70645 Overview

A stack overflow vulnerability has been identified in Tenda AX-1806 router firmware version 1.0.0.1. The vulnerability exists in the deviceList parameter of the formSetWifiMacFilterCfg function, which fails to properly validate input length before copying data to a fixed-size stack buffer. This vulnerability allows remote attackers to cause a Denial of Service (DoS) condition by sending specially crafted requests to the affected device.

Critical Impact

Remote attackers can crash the Tenda AX-1806 router without authentication, disrupting network connectivity for all connected devices.

Affected Products

  • Tenda AX-1806 v1.0.0.1

Discovery Timeline

  • 2026-01-21 - CVE-2025-70645 published to NVD
  • 2026-01-21 - Last updated in NVD database

Technical Details for CVE-2025-70645

Vulnerability Analysis

This vulnerability is classified as CWE-121 (Stack-based Buffer Overflow), a memory corruption issue that occurs when the formSetWifiMacFilterCfg function processes user-supplied data through the deviceList parameter. The function copies input data into a stack-allocated buffer without performing adequate bounds checking, allowing an attacker to overflow the buffer and corrupt adjacent memory on the stack.

The network-accessible nature of this vulnerability means it can be exploited remotely without requiring any user interaction or authentication. When successfully exploited, the stack corruption causes the router's web management service or potentially the entire device to crash, resulting in denial of service for all network users.

Root Cause

The root cause of this vulnerability lies in insufficient input validation within the formSetWifiMacFilterCfg function. The function accepts the deviceList parameter from HTTP requests and copies the data to a fixed-size buffer on the stack without verifying that the input length does not exceed the buffer's capacity. This is a classic stack buffer overflow condition common in embedded device firmware where memory-safe programming practices are not consistently applied.

Attack Vector

The attack vector is network-based, allowing remote exploitation. An attacker can craft a malicious HTTP request containing an oversized deviceList parameter value. When the vulnerable formSetWifiMacFilterCfg function processes this request, it attempts to copy the oversized input into the stack buffer, causing memory corruption beyond the buffer boundaries. This corruption typically overwrites the function's return address or other critical stack data, causing the application or device to crash.

The vulnerability does not require authentication to exploit, making any Tenda AX-1806 router with firmware version 1.0.0.1 accessible on the network potentially vulnerable to attack.

Detection Methods for CVE-2025-70645

Indicators of Compromise

  • Unexpected router reboots or crashes without administrator intervention
  • Loss of network connectivity for connected devices coinciding with suspicious HTTP traffic
  • Web management interface becoming unresponsive after receiving malformed requests
  • Abnormally large HTTP POST requests targeting the formSetWifiMacFilterCfg endpoint

Detection Strategies

  • Monitor network traffic for unusually large HTTP requests directed at Tenda router management interfaces
  • Implement IDS/IPS rules to detect oversized deviceList parameter values in HTTP POST requests
  • Configure network monitoring to alert on repeated connection failures to the router management interface
  • Deploy anomaly detection to identify unusual patterns in router restarts or service interruptions

Monitoring Recommendations

  • Enable logging on network firewalls to capture traffic destined for router management ports
  • Implement SNMP monitoring for router availability and uptime metrics
  • Configure alerting for router interface status changes that may indicate DoS attacks
  • Review access logs for the router's web management interface for suspicious request patterns

How to Mitigate CVE-2025-70645

Immediate Actions Required

  • Restrict access to the router's web management interface to trusted networks only
  • Implement firewall rules to block external access to router management ports
  • Monitor for firmware updates from Tenda that address this vulnerability
  • Consider network segmentation to limit exposure of vulnerable devices

Patch Information

No vendor patch information is currently available. Monitor the GitHub Vulnerability Report and Tenda's official support channels for security updates addressing this vulnerability.

Workarounds

  • Disable remote management access to the router from the WAN interface
  • Configure access control lists (ACLs) to restrict management interface access to specific IP addresses
  • Place the router behind an additional firewall that can filter malicious requests
  • Consider replacing the vulnerable device with an alternative if no patch becomes available
bash
# Example: Restrict management access via firewall (iptables)
# Block external access to common router management ports
iptables -A INPUT -i eth0 -p tcp --dport 80 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 443 -j DROP

# Allow management access only from trusted internal network
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 443 -j ACCEPT

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.