CVE-2025-70744 identifies a stack overflow vulnerability in the Tenda AX-1806 router firmware version 1.0.0.1. The flaw resides in the handling of the cloneType parameter within the sub_65B5C function. A stack overflow occurs when the input to this parameter exceeds the expected bounds, leading to memory corruption. This can be triggered remotely by sending a specially crafted request to the affected device, causing it to crash or reboot, resulting in a Denial of Service (DoS) condition. The vulnerability does not require prior authentication, making it accessible to any attacker with network access to the device. No patches or updates have been released at the time of publication, and no exploits have been observed in the wild. The lack of a CVSS score means the severity must be assessed based on impact and exploitability. The vulnerability primarily affects availability by disrupting device operation, with no direct indication of confidentiality or integrity compromise. The affected product is a consumer-grade or small office/home office (SOHO) router, which may be deployed in enterprise edge environments or smaller organizational networks.

For European organizations, exploitation of this vulnerability could lead to network outages or degraded connectivity due to router crashes. This could disrupt business operations, especially for organizations relying on Tenda AX-1806 routers for internet access or internal network routing. Critical infrastructure or small to medium enterprises (SMEs) using these devices may experience interruptions in services, impacting productivity and potentially causing financial losses. Since the vulnerability allows unauthenticated remote triggering, attackers could leverage it in targeted Denial of Service campaigns or as part of larger multi-vector attacks. The absence of known exploits reduces immediate risk, but the potential for disruption remains significant if attackers develop reliable exploit code. The impact is primarily on availability, with no direct evidence of data breach or privilege escalation. However, repeated or sustained exploitation could degrade network trust and operational stability.

1. Immediately restrict access to the management interfaces of Tenda AX-1806 routers to trusted internal networks only, using firewall rules or VLAN segmentation. 2. Disable any unnecessary services or remote management features on the router to reduce the attack surface. 3. Monitor network traffic for unusual or malformed requests targeting the cloneType parameter or related router functions. 4. Implement network segmentation to isolate critical systems from devices running vulnerable firmware. 5. Regularly audit and inventory network devices to identify any Tenda AX-1806 routers in use. 6. Engage with Tenda support or vendor channels to obtain firmware updates or patches once available. 7. Consider deploying intrusion detection/prevention systems (IDS/IPS) capable of detecting anomalous traffic patterns indicative of exploitation attempts. 8. Educate network administrators about this vulnerability and encourage proactive monitoring and incident response readiness.