CVE-2025-70747 is a stack-based buffer overflow vulnerability identified in the Tenda AX-1806 router firmware version 1.0.0.1. The flaw resides in the handling of the serviceName parameter within the sub_65A28 function, where insufficient bounds checking allows an attacker to overflow the stack. This vulnerability can be triggered remotely by sending a specially crafted request to the affected router, leading to a denial of service (DoS) condition by crashing or destabilizing the device. The vulnerability does not require any privileges or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score of 7.5 reflects a high severity primarily due to the impact on availability (A:H), with no impact on confidentiality or integrity. The attack vector is network-based (AV:N), with low attack complexity (AC:L), and no privileges required (PR:N). Currently, there are no known exploits in the wild, and no official patches have been released, increasing the urgency for organizations to implement interim mitigations. The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow), a common and critical software weakness that can lead to crashes or code execution in other contexts, though this instance is limited to DoS. Given the widespread use of Tenda routers in consumer and small business environments, exploitation could disrupt internet connectivity and network availability.

For European organizations, this vulnerability poses a significant risk to network availability, particularly for small businesses and home offices relying on Tenda AX-1806 routers. A successful attack could result in denial of service, causing network outages and loss of internet connectivity, which can disrupt business operations, remote work, and communications. Although the vulnerability does not compromise confidentiality or integrity, the loss of availability can have cascading effects on productivity and service delivery. Critical infrastructure or organizations with remote sites using these routers may experience operational interruptions. The lack of authentication requirement and ease of exploitation increase the threat level, especially if attackers scan for vulnerable devices exposed to the internet. This could also impact managed service providers supporting multiple clients with Tenda devices. The absence of patches means organizations must rely on network-level controls and monitoring to mitigate risk until a firmware update is available.

1. Immediately restrict access to the Tenda AX-1806 router management interfaces by limiting them to trusted internal networks or VPNs, preventing exposure to the public internet. 2. Implement network segmentation to isolate vulnerable routers from critical systems and sensitive data, reducing the blast radius of a potential DoS attack. 3. Monitor network traffic for unusual or malformed requests targeting the serviceName parameter or related router services, using intrusion detection/prevention systems (IDS/IPS). 4. Disable any unnecessary services or remote management features on the router to minimize the attack surface. 5. Regularly check for firmware updates from Tenda and apply patches promptly once available. 6. Consider replacing vulnerable devices with models from vendors with stronger security track records if immediate patching is not feasible. 7. Educate IT staff and end users about the risks and signs of router compromise or instability to enable rapid response. 8. Employ rate limiting or firewall rules to block suspicious traffic patterns that could exploit this vulnerability.