Cyber Resilience

CVE-2025-70646

HighPublic PoC

Published: 21 January 2026

Published
21 January 2026
Modified
26 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0013 31.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70646 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ax1803 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-70646 is a stack overflow vulnerability (CWE-121) in the security parameter of the sub_72290 function within Tenda AX1803 firmware version v1.0.0.1. This flaw enables attackers to trigger a Denial of Service (DoS) condition through a specially crafted network request. The vulnerability was publicly disclosed on January 21, 2026, and carries a CVSS v3.1 base score of 7.5, reflecting its high severity due to the potential for remote disruption without authentication.

The attack scenario is straightforward and highly accessible: unauthenticated attackers with network access to the affected device (AV:N/AC:L/PR:N/UI:N) can send a malicious request to the vulnerable function, causing a stack overflow that crashes the device and disrupts service availability (A:H). No user interaction or privileges are required, making it suitable for remote exploitation by any adversary on the same network or exposed to the internet. Successful exploitation results solely in DoS, with no impact on confidentiality or integrity (C:N/I:N).

Mitigation details and further technical analysis are provided in the referenced advisory at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1803/5/1.md. Security practitioners should consult this source for reproduction steps, patch information if available, and recommended remediation actions, such as firmware updates or network segmentation.

EU & UK References

Vulnerability details

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated stack overflow in public-facing router firmware directly enables T1190 exploitation and T1499.004 DoS via application/system exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70648Same product: Tenda Ax1803
CVE-2025-70651Same product: Tenda Ax1803
CVE-2025-7598Same product: Tenda Ax1803
CVE-2026-1329Same product: Tenda Ax1803
CVE-2025-7597Same product: Tenda Ax1803
CVE-2025-70744Same vendor: Tenda
CVE-2025-70644Same vendor: Tenda
CVE-2025-71019Same vendor: Tenda
CVE-2025-70656Same vendor: Tenda
CVE-2025-71021Same vendor: Tenda

Affected Assets

tenda
ax1803 firmware
1.0.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of the security parameter input in sub_72290 to directly prevent stack overflow from crafted requests.

prevent

Provides timely remediation of the specific stack overflow flaw through firmware patching or updates.

prevent

Implements mechanisms to protect against the DoS caused by stack overflow crashes from unauthenticated remote requests.

References