CVE-2025-71019
Published: 15 January 2026
Summary
CVE-2025-71019 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda Ax1806 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 22.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
An unauthenticated, remotely reachable stack overflow in the router's public web interface directly enables T1190 exploitation and a T1499.004 DoS via a crafted request.
NVD Description
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Deeper analysis (AI)
CVE-2025-71019 is a stack-based buffer overflow vulnerability affecting the Tenda AX-1806 router on firmware version v1.0.0.1. The flaw occurs in the wanSpeed parameter processed by the sub_65B5C function, as disclosed on January 15, 2026. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-121.
Unauthenticated remote attackers with network access to the device can exploit this vulnerability by sending a specially crafted request to the affected parameter. Exploitation triggers a stack overflow, enabling a Denial of Service (DoS) condition that disrupts device availability without impacting confidentiality or integrity.
Further details, including potential mitigation guidance, are available in the referenced advisory at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/9/1.md.
Details
- CWE(s)