CVE-2025-71021 – Tenda AX-1806 routers running firmware v1.0.0.1... (How to Fix)

Q: What is the severity of CVE-2025-71021?

CVE-2025-71021 has a CVSS score of 7.5 (HIGH). Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the serverName parameter that allows attackers to crash the device via specially crafted requests. This affects all users of this specific router model and firmware version. The vulnerability enables remote denial of service attacks.

📋 TL;DR

Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the serverName parameter that allows attackers to crash the device via specially crafted requests. This affects all users of this specific router model and firmware version. The vulnerability enables remote denial of service attacks.

💻 Affected Systems

Products:

Tenda AX-1806

Versions: v1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific firmware version on the AX-1806 model. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ax1806 Firmware by Tenda

View all CVEs affecting Ax1806 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical power cycle, potentially leading to extended network downtime and service disruption.

🟠

Likely Case

Router becomes unresponsive, requiring reboot and causing temporary network outage for connected devices.

🟢

If Mitigated

With proper network segmentation and access controls, impact limited to isolated network segments.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices and vulnerable to remote exploitation.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept available in GitHub repository. Exploitation requires sending crafted request to vulnerable parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check Tenda official website for firmware updates. If available, download latest firmware and apply through router web interface.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface from untrusted networks

Access Control Lists

all

Restrict access to router management interface to trusted IPs only

🧯 If You Can't Patch

Replace vulnerable router with updated model or different vendor
Implement network monitoring for DoS attempts against router

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface (typically under System Status or About)

Check Version:

Check router web interface or use nmap/router scanning tools

Verify Fix Applied:

Verify firmware version has been updated from v1.0.0.1

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot events
Unusual requests to management interface

Network Indicators:

Multiple crafted requests to router management port
Sudden loss of router connectivity

SIEM Query:

source="router_logs" AND (event="crash" OR event="reboot") OR dest_port=80 AND uri_contains="serverName" AND length>threshold

📊 Metadata

CVE ID: CVE-2025-71021

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.05% exploit probability (14.9th percentile)

Published: January 14, 2026

Last Updated: January 20, 2026

🔗 References

https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/7/1.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-71021, you might also want to check these: