CVE-2025-70744 – Tenda AX-1806 routers version 1.0.0.1 contain a... (How to Fix)

Q: What is the severity of CVE-2025-70744?

CVE-2025-70744 has a CVSS score of 7.5 (HIGH). Tenda AX-1806 routers version 1.0.0.1 contain a stack overflow vulnerability in the cloneType parameter that allows attackers to cause Denial of Service (DoS) through crafted requests. This affects all users running the vulnerable firmware version. The vulnerability requires network access to the router's management interface.

📋 TL;DR

Tenda AX-1806 routers version 1.0.0.1 contain a stack overflow vulnerability in the cloneType parameter that allows attackers to cause Denial of Service (DoS) through crafted requests. This affects all users running the vulnerable firmware version. The vulnerability requires network access to the router's management interface.

💻 Affected Systems

Products:

Tenda AX-1806

Versions: v1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only; other Tenda models or versions may not be vulnerable.

📦 What is this software?

Ax1806 Firmware by Tenda

View all CVEs affecting Ax1806 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical power cycle, potentially disrupting all network connectivity for connected devices.

🟠

Likely Case

Router becomes unresponsive to legitimate requests, requiring reboot to restore functionality.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted management interface access.

🌐 Internet-Facing: HIGH if management interface is exposed to internet, as unauthenticated attackers can trigger DoS.

🏢 Internal Only: MEDIUM as internal attackers or malware could exploit to disrupt network operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains technical details and proof-of-concept; exploitation requires sending crafted HTTP request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda support site for firmware updates 2. Download latest firmware 3. Access router admin interface 4. Navigate to System Tools > Firmware Upgrade 5. Upload new firmware file 6. Wait for automatic reboot

🔧 Temporary Workarounds

Restrict Management Interface Access

all

Limit access to router management interface to trusted IP addresses only

Disable Remote Management

all

Turn off remote management feature if enabled

🧯 If You Can't Patch

Segment router on isolated network segment
Implement network monitoring for abnormal HTTP requests to router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or System Tools

Check Version:

Access router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version is no longer v1.0.0.1 after update

📡 Detection & Monitoring

Log Indicators:

Multiple HTTP requests to /goform/setCloneType or similar endpoints
Router reboot logs without user action
High CPU/memory usage alerts

Network Indicators:

Unusual HTTP POST requests to router management interface with malformed cloneType parameter
Sudden drop in router responsiveness

SIEM Query:

source="router_logs" AND (uri="/goform/setCloneType" OR message="reboot" OR message="crash")

📊 Metadata

CVE ID: CVE-2025-70744

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.05% exploit probability (14.9th percentile)

Published: January 15, 2026

Last Updated: January 20, 2026

🔗 References

https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/10/1.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-70744, you might also want to check these: