Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-70646

CVE-2025-70646: Tenda AX1803 Stack Overflow DoS Vulnerability

CVE-2025-70646 is a stack overflow vulnerability in Tenda AX1803 v1.0.0.1 that enables attackers to trigger denial of service conditions. This article covers the technical details, affected versions, and mitigation steps.

Published:

CVE-2025-70646 Overview

A stack overflow vulnerability has been discovered in the Tenda AX1803 router firmware version 1.0.0.1. The vulnerability exists in the security parameter of the sub_72290 function, which fails to properly validate input boundaries before processing user-supplied data. This flaw enables remote attackers to cause a Denial of Service (DoS) condition by sending specially crafted requests to the affected device.

Critical Impact

Remote attackers can exploit this stack overflow vulnerability to crash the Tenda AX1803 router, causing network service disruption without requiring authentication.

Affected Products

  • Tenda AX1803 firmware version 1.0.0.1

Discovery Timeline

  • 2026-01-21 - CVE-2025-70646 published to NVD
  • 2026-01-22 - Last updated in NVD database

Technical Details for CVE-2025-70646

Vulnerability Analysis

This vulnerability is classified as CWE-121 (Stack-based Buffer Overflow), a memory corruption flaw that occurs when a program writes data beyond the boundaries of a fixed-length buffer located on the stack. In the context of the Tenda AX1803 router, the sub_72290 function processes the security parameter without adequate bounds checking, allowing an attacker to overflow the stack buffer.

The network-accessible nature of this vulnerability means that exploitation requires no prior authentication or user interaction. An attacker can target the router remotely by crafting malicious HTTP requests containing oversized or malformed data in the security parameter. When processed by the vulnerable function, this causes stack memory corruption resulting in service disruption.

The primary impact is availability loss—the router crashes or becomes unresponsive, effectively denying network services to legitimate users. While the vulnerability does not directly lead to confidentiality or integrity compromises, the denial of service impact is significant for home and small business networks relying on this device.

Root Cause

The root cause of this vulnerability lies in insufficient input validation within the sub_72290 function. The function accepts the security parameter from network requests and copies the data into a fixed-size stack buffer without verifying the input length. This classic stack buffer overflow scenario allows attackers to overwrite adjacent stack memory, corrupting return addresses or other critical data structures, ultimately causing the application to crash.

Attack Vector

The attack vector is network-based with low complexity requirements. An unauthenticated remote attacker can exploit this vulnerability by:

  1. Identifying an exposed Tenda AX1803 router running firmware version 1.0.0.1
  2. Crafting an HTTP request with an oversized or malformed security parameter
  3. Sending the crafted request to the router's web management interface
  4. The sub_72290 function processes the malicious input, triggering the stack overflow
  5. The router crashes or becomes unresponsive, causing a denial of service condition

The vulnerability requires no special privileges or user interaction, making it highly accessible to remote attackers.

A proof-of-concept for this vulnerability has been documented and is available in the GitHub PoC Repository maintained by security researchers.

Detection Methods for CVE-2025-70646

Indicators of Compromise

  • Unexpected router reboots or crashes without administrative action
  • Loss of network connectivity coinciding with suspicious external traffic
  • Web management interface becoming unresponsive
  • Unusual HTTP requests targeting the router's management interface with oversized parameters

Detection Strategies

  • Monitor network traffic for anomalous HTTP requests to the router's management interface containing unusually large parameter values
  • Implement intrusion detection rules to flag requests with oversized security parameters
  • Deploy network monitoring to detect repeated connection attempts to the router management port from unknown sources
  • Configure alerts for router availability monitoring to detect unexpected service interruptions

Monitoring Recommendations

  • Enable logging on the router (if available) to capture incoming HTTP requests
  • Deploy network-level monitoring solutions to inspect traffic destined for the router's management interface
  • Set up uptime monitoring for the router to quickly identify DoS conditions
  • Review access logs for patterns of malformed or unusually large requests

How to Mitigate CVE-2025-70646

Immediate Actions Required

  • Restrict access to the router's web management interface to trusted networks only
  • Disable remote management features if not required
  • Implement firewall rules to block external access to the router's management ports
  • Monitor Tenda's official channels for firmware updates addressing this vulnerability

Patch Information

As of the last NVD update on 2026-01-22, no official patch has been released by Tenda for this vulnerability. Organizations should monitor Tenda's official website and support channels for security advisories and firmware updates that address CVE-2025-70646.

Workarounds

  • Disable the web-based management interface when not actively needed for administration
  • Configure access control lists (ACLs) to limit management interface access to specific trusted IP addresses
  • Place the router behind a separate firewall that can filter malicious requests before they reach the device
  • Consider network segmentation to isolate the router's management interface from untrusted networks
bash
# Example: Restrict management interface access using upstream firewall
# Block external access to common router management ports
iptables -A INPUT -p tcp --dport 80 -s ! 192.168.1.0/24 -j DROP
iptables -A INPUT -p tcp --dport 443 -s ! 192.168.1.0/24 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.