CVE-2025-71020
Published: 16 January 2026
Summary
CVE-2025-71020 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Tenda AX-1806 firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 22.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
A stack overflow in a network-accessible router function directly enables a remote, unauthenticated DoS via a crafted request, which maps to Application or System Exploitation for endpoint denial of service.
NVD Description
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Deeper analysis (AI)
CVE-2025-71020 is a stack overflow vulnerability (CWE-121) affecting the Tenda AX-1806 router running firmware version 1.0.0.1. The flaw resides in the security parameter of the sub_4C408 function, which can be triggered by a specially crafted request to cause a Denial of Service (DoS) condition.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and potential for high impact on availability. Unauthenticated remote attackers can exploit it to crash the device, disrupting network services without affecting confidentiality or integrity.
Details on the vulnerability, including potential proof-of-concept information, are documented in a GitHub repository at https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1806/5/1.md. No vendor advisory or patch information is specified in the available data.
Details
- CWE(s)