CVE-2025-70645 identifies a stack overflow vulnerability in the Tenda AX-1806 router firmware version 1.0.0.1. The flaw resides in the handling of the deviceList parameter within the formSetWifiMacFilterCfg function, which is responsible for configuring MAC address filtering on the Wi-Fi interface. A crafted request manipulating this parameter can overflow the stack, causing the device to crash or reboot, resulting in a Denial of Service (DoS). This vulnerability does not require authentication or user interaction, increasing its risk profile, especially if the router's management interface is exposed to untrusted networks. Although no exploits have been observed in the wild, the vulnerability's presence in consumer-grade networking equipment used in SOHO environments raises concerns about potential disruption. The absence of a CVSS score limits precise severity quantification, but the technical characteristics suggest a significant impact on device availability. No patches or firmware updates are currently listed, emphasizing the need for proactive defensive measures. The vulnerability highlights the importance of secure coding practices in embedded device firmware and the risks posed by insufficient input validation in network device management functions.

For European organizations, especially small and medium enterprises (SMEs) and home offices relying on Tenda AX-1806 routers, this vulnerability could lead to network outages due to device crashes or reboots triggered by malicious actors. Such Denial of Service conditions can disrupt internet connectivity, internal communications, and access to cloud services, potentially halting business operations. The impact extends to availability but does not directly compromise confidentiality or integrity. However, prolonged or repeated outages could indirectly affect data availability and business continuity. Organizations with remote or distributed workforces using vulnerable routers may experience increased operational risk. Additionally, critical infrastructure or service providers using these devices in edge or access networks could face service degradation. The lack of known exploits reduces immediate threat but does not eliminate the risk of future attacks once exploit code becomes available. The vulnerability's ease of exploitation without authentication increases its threat level in exposed network environments.

1. Immediately restrict access to the router's management interface by limiting it to trusted internal networks and disabling remote management where possible. 2. Monitor network traffic for unusual or malformed requests targeting the formSetWifiMacFilterCfg function or the deviceList parameter to detect potential exploitation attempts. 3. Implement network segmentation to isolate vulnerable devices from critical systems and sensitive data. 4. Regularly check for firmware updates from Tenda and apply patches promptly once available to remediate the vulnerability. 5. Consider replacing vulnerable Tenda AX-1806 routers with devices from vendors with a strong security update track record if patching is delayed. 6. Educate users and administrators about the risks of exposing router management interfaces to the internet and enforce strong access controls. 7. Employ intrusion detection/prevention systems (IDS/IPS) capable of identifying exploit attempts targeting this vulnerability. 8. Maintain comprehensive network and device logs to support incident response and forensic analysis if exploitation is suspected.