CVE-2025-70747

7.5 HIGH

📋 TL;DR

Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the serviceName parameter that allows remote attackers to crash the device via specially crafted requests. This affects all users of Tenda AX-1806 routers with the vulnerable firmware version. The vulnerability can be exploited without authentication to cause denial of service.

💻 Affected Systems

Products:
  • Tenda AX-1806
Versions: v1.0.0.1
Operating Systems: Embedded Linux (Tenda firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the specified firmware version are vulnerable. The vulnerability is in the web management interface component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash requiring physical power cycle, potentially leading to extended network downtime and service disruption.

🟠 Likely Case

Router becomes unresponsive, requiring manual reboot and causing temporary network outage for connected devices.

🟢 If Mitigated

Limited impact if device is behind firewall with restricted access to management interface.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with management interfaces accessible from WAN by default.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to disrupt network connectivity.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is publicly available on GitHub. Exploitation requires sending a specially crafted HTTP request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the Tenda support website for firmware updates
2. If an update is available, download the latest firmware
3. Access the router admin interface
4. Navigate to the firmware upgrade section
5. Upload and install the new firmware
6. Wait for the router to reboot

🔧 Temporary Workarounds

Disable Remote Management

Platform: all

Prevent external access to router management interface

Restrict Management Interface Access

Platform: linux

Use firewall rules to limit access to router management IP/ports

iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Isolate router on separate VLAN with restricted access
  • Implement network monitoring for DoS attempts against router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or About page

Check Version:

curl -s http://router-ip/status.cgi | grep version

Verify Fix Applied:

Verify firmware version is no longer v1.0.0.1 after update

📡 Detection & Monitoring

Log Indicators:

  • Repeated connection attempts to router management interface
  • Router reboot events in system logs
  • HTTP requests with long serviceName parameters

Network Indicators:

  • Unusual HTTP POST requests to router management interface
  • Traffic patterns indicating DoS attempts

SIEM Query:

source="router.log" AND ("POST /goform" OR "serviceName" AND length>100)
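
The "long serviceName" indicator above can also be checked offline against request logs. The script below is an added example, not code from the advisory or from Tenda: the log layout, the /goform/example path and the sample lines are constructed assumptions, and the 100-character threshold is taken from the SIEM query. It measures the percent-decoded value, so padding sent as %41%41... is counted at its real length.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed log layout (constructed for this example, not a Tenda format):
#   <timestamp> <src_ip> "<METHOD> <target> HTTP/1.1" <status> body="<form data>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}|-) body="(?P<body>[^"]*)"$'
)
THRESHOLD = 100  # same length cut-off as the SIEM query above


def long_service_name_hits(lines, threshold=THRESHOLD):
    """Return (src_ip, path, decoded_length) for each suspicious request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a request line in the assumed layout
        url = urlsplit(m["target"])
        if not url.path.startswith("/goform"):
            continue
        # serviceName may arrive in the query string or the form body;
        # parse_qsl percent-decodes, so encoded padding is measured decoded.
        fields = parse_qsl(url.query, keep_blank_values=True)
        fields += parse_qsl(m["body"], keep_blank_values=True)
        longest = max((len(v) for k, v in fields if k == "serviceName"), default=0)
        if longest > threshold:
            hits.append((m["src"], url.path, longest))
    return hits


# Constructed sample lines; /goform/example is a placeholder path and a
# status of "-" stands for a request that never received a response.
SAMPLE = [
    '2025-01-01T10:00:00Z 192.168.1.20 "POST /goform/example HTTP/1.1" 200 body="serviceName=pppoe-home"',
    '2025-01-01T10:00:05Z 203.0.113.7 "POST /goform/example HTTP/1.1" - body="serviceName=' + "A" * 600 + '"',
    '2025-01-01T10:00:06Z 203.0.113.7 "POST /goform/example HTTP/1.1" - body="x=1&serviceName=' + "%41" * 150 + '"',
    '2025-01-01T10:00:09Z 192.168.1.20 "GET /index.html?serviceName=' + "B" * 300 + ' HTTP/1.1" 200 body=""',
]

if __name__ == "__main__":
    for src, path, length in long_service_name_hits(SAMPLE):
        print(f"{src} {path} serviceName length={length}")
```

Hits from a source outside the management subnet, followed by a router reboot event, match the log indicators listed above.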
