CVE-2025-70644 – Tenda AX-1806 routers running firmware v1.0.0.1... (How to Fix)

📋 TL;DR

Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the time parameter handling. Attackers can exploit this to cause Denial of Service (DoS) by sending specially crafted requests. This affects all users of Tenda AX-1806 routers with the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda AX-1806

Versions: v1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration

📦 What is this software?

Ax1806 Firmware by Tenda

View all CVEs affecting Ax1806 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potential remote code execution if stack overflow can be controlled to execute arbitrary code

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, disrupting network connectivity

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains proof-of-concept code demonstrating the vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates
2. If update available, download and install via router web interface
3. Reboot router after installation
4. Verify firmware version is no longer v1.0.0.1

🔧 Temporary Workarounds

Restrict WAN Access

all

Configure firewall to block external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network segment only

🧯 If You Can't Patch

Replace vulnerable router with different model or updated version
Implement strict network access controls to limit exposure to the router

🔍 How to Verify

Check if Vulnerable:

Access router web interface, navigate to System Status or About page, check firmware version

Check Version:

curl -s http://router-ip/status.cgi | grep version

Verify Fix Applied:

Confirm firmware version is no longer v1.0.0.1 after update

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
Unusual traffic patterns to router management interface
Multiple failed connection attempts

Network Indicators:

Unusual HTTP requests to router management interface with malformed time parameters
Sudden loss of connectivity from router

SIEM Query:

source="router_logs" AND (event="crash" OR event="reboot") OR (http_request CONTAINS "/cgi-bin/" AND http_request CONTAINS "time=")

📊 Metadata

CVE ID: CVE-2025-70644

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.05% exploit probability (14.9th percentile)

Published: January 21, 2026

Last Updated: January 26, 2026

🔗 References

https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/3/1.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-70644, you might also want to check these: