CVE-2025-71021 is a stack overflow vulnerability identified in the Tenda AX-1806 router firmware version 1.0.0.1. The flaw exists in the handling of the serverName parameter within the sub_65A28 function, where improper bounds checking allows an attacker to overflow the stack. This vulnerability can be triggered remotely by sending a crafted request to the router, leading to a Denial of Service (DoS) condition by crashing or destabilizing the device. The vulnerability does not require prior authentication, increasing its risk profile, but it does require network access to the device, typically via local network or exposed management interfaces. No CVSS score has been assigned yet, and no patches or official mitigations have been released. There are no known exploits in the wild at this time. The vulnerability primarily impacts the availability of the router, potentially causing network outages or interruptions for users dependent on the device. The Tenda AX-1806 is a consumer-grade Wi-Fi 6 router, often used in small office/home office (SOHO) environments, making it a target for attackers seeking to disrupt connectivity or cause service interruptions. The lack of authentication requirement and ease of triggering the overflow via crafted requests heighten the risk, especially in environments where the device is exposed to untrusted networks or lacks proper access controls.

The primary impact of CVE-2025-71021 is on the availability of affected Tenda AX-1806 routers. Successful exploitation results in a Denial of Service, causing the device to crash or become unresponsive. For European organizations, especially small businesses and home offices relying on these routers, this could lead to temporary loss of internet connectivity and disruption of business operations. In sectors where continuous connectivity is critical, such as remote work environments, healthcare, or financial services, such outages could have cascading effects on productivity and service delivery. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting downtime could be exploited as part of a larger attack strategy, such as distraction during a multi-vector attack. The absence of known exploits in the wild reduces immediate risk, but the lack of patches and the ease of exploitation mean that attackers could develop exploits rapidly. Organizations with exposed router management interfaces or weak network segmentation are at higher risk. The impact is more pronounced in countries with higher adoption rates of Tenda consumer routers and where small and medium enterprises form a significant part of the economy.

1. Immediately restrict access to the router’s management interfaces by limiting them to trusted internal networks and disabling remote management if not required. 2. Implement network segmentation to isolate IoT and consumer-grade devices from critical business systems to contain potential disruptions. 3. Monitor network traffic for unusual or malformed requests targeting the router’s management services, which may indicate exploitation attempts. 4. Regularly check for firmware updates from Tenda and apply patches as soon as they become available to remediate the vulnerability. 5. Consider replacing vulnerable Tenda AX-1806 routers with enterprise-grade devices that have stronger security controls and vendor support. 6. Educate users and IT staff about the risks of exposing router management interfaces to the internet and enforce strong password policies. 7. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting anomalous traffic patterns indicative of stack overflow attempts. 8. Maintain an inventory of network devices to quickly identify and respond to vulnerable hardware within the environment.