CVE-2025-70744
Published: 15 January 2026
Summary
CVE-2025-70744 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ax1806 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-70744 is a stack overflow vulnerability affecting the Tenda AX-1806 router running firmware version 1.0.0.1. The flaw resides in the cloneType parameter handled by the sub_65B5C function and is classified under CWE-121 (Stack-based Buffer Overflow). Published on 2026-01-15, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
Unauthenticated attackers with network access can exploit this vulnerability by sending a specially crafted request to the affected device. The attack requires low complexity and no user interaction, allowing remote exploitation without privileges. Successful exploitation triggers the stack overflow, causing a Denial of Service (DoS) that renders the router unavailable.
Security practitioners should consult the referenced advisory at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/10/1.md for additional technical details and potential mitigation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2792
Vulnerability details
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated stack overflow in public-facing router web interface directly enables T1190 exploitation and T1499.004 application/system exploitation for DoS impact.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Validates inputs like the cloneType parameter to prevent stack overflows from crafted requests.
Implements memory protections such as stack canaries and address space layout randomization to mitigate stack-based buffer overflows.
Requires timely flaw remediation through firmware updates to fix the stack overflow in sub_65B5C function.