CVE-2025-70644 is a stack overflow vulnerability identified in the Tenda AX-1806 router firmware version 1.0.0.1. The vulnerability resides in the sub_60CFC function, specifically in the processing of the 'time' parameter. A crafted network request with a specially malformed 'time' parameter can overflow the stack, leading to a denial of service (DoS) by crashing or rebooting the device. This flaw does not require any authentication or user interaction, making it remotely exploitable by any attacker with network access to the device. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and dangerous programming error that can lead to crashes or potentially code execution, although in this case only DoS is reported. The CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a high severity due to network attack vector, low attack complexity, no privileges or user interaction required, and a high impact on availability. No patches or known exploits are currently published, but the vulnerability is publicly disclosed and should be considered a significant risk for affected devices. The Tenda AX-1806 is a consumer and small office Wi-Fi 6 router, commonly deployed in home and small business environments, which may be targeted to disrupt internet connectivity or network availability.

For European organizations, this vulnerability primarily threatens network availability by enabling remote attackers to cause denial of service on affected Tenda AX-1806 routers. This can result in temporary loss of internet connectivity, disruption of business operations, and potential cascading effects on dependent services. Small businesses and home offices using this router model may experience outages, impacting remote work and communication. While the vulnerability does not compromise data confidentiality or integrity, the availability impact can be significant, especially for organizations relying on these routers as primary network gateways. The lack of authentication or user interaction required for exploitation increases the risk, as attackers can scan and target vulnerable devices directly over the internet or local networks. The absence of known exploits in the wild currently reduces immediate risk, but the public disclosure may lead to exploit development. European entities with limited IT security resources or outdated network equipment are particularly vulnerable to service disruptions caused by this flaw.

1. Immediately restrict network access to the Tenda AX-1806 management interfaces by implementing firewall rules or access control lists to allow only trusted IP addresses. 2. Segment the network to isolate the router’s management and control traffic from general user traffic, reducing exposure to potential attackers. 3. Monitor network traffic for unusual or malformed requests targeting the 'time' parameter or related router services, using intrusion detection systems or network monitoring tools. 4. Contact Tenda support or check official channels regularly for firmware updates or patches addressing this vulnerability and apply them promptly once available. 5. Consider replacing affected routers with models from vendors with active security support if patching is not feasible. 6. Educate users and administrators about the risks of exposing router management interfaces to the internet and enforce strong network security policies. 7. Implement network-level DoS protection mechanisms to mitigate the impact of potential exploitation attempts. 8. Maintain up-to-date asset inventories to quickly identify and remediate vulnerable devices within the organization.