Cyber Resilience

CVE-2025-70753

HighPublic PoC

Published: 13 January 2026

Published
13 January 2026
Modified
16 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0009 25.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70753 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda Ax1806 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-70753 is a stack-based buffer overflow vulnerability (CWE-787, CWE-121) in the Tenda AX-1806 router running firmware version v1.0.0.1. The flaw resides in the security_5g parameter handled by the sub_4CA50 function, which can be triggered by a specially crafted request to cause a Denial of Service (DoS) condition.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges, and no user interaction required. Remote attackers can send a malicious request to the affected device, disrupting its availability—likely resulting in a crash or reboot—without impacting confidentiality or integrity.

References for this CVE point to a GitHub repository (https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/8/1.md), which documents the vulnerability but provides no details on official advisories, patches, or specific mitigation steps in the available information.

EU & UK References

Vulnerability details

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated crafted request to public-facing router web interface (T1190) triggers stack buffer overflow resulting in application/system crash (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70744Same product: Tenda Ax1806
CVE-2025-71021Same product: Tenda Ax1806
CVE-2025-70645Same product: Tenda Ax1806
CVE-2025-70644Same product: Tenda Ax1806
CVE-2025-70746Same product: Tenda Ax1806
CVE-2025-71019Same product: Tenda Ax1806
CVE-2025-70656Same product: Tenda Ax1806
CVE-2025-70747Same product: Tenda Ax1806
CVE-2025-71020Same product: Tenda Ax1806
CVE-2025-70650Same product: Tenda Ax1806

Affected Assets

tenda
ax1806 firmware
1.0.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents stack overflows by validating crafted inputs to parameters like security_5g in the sub_4CA50 function.

prevent

SC-5 limits the effects of DoS attacks triggered by the stack overflow vulnerability through denial-of-service protections.

prevent

SI-2 addresses the vulnerability by identifying, reporting, and applying firmware patches or updates to remediate the specific stack overflow flaw.

References