Details of VAR-202601-4101

ID

VAR-202601-4101

CVE

CVE-2025-70648

TITLE

Shenzhen Tenda Technology Co.,Ltd. of ax1803 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001989

DESCRIPTION

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-70648 // JVNDB: JVNDB-2026-001989

AFFECTED PRODUCTS

vendor:	tenda	model:	ax1803	scope:	eq	version:	1.0.0.1	Trust: 1.0
vendor:	tenda	model:	ax1803	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ax1803	scope:	eq	version:	ax1803 firmware 1.0.0.1	Trust: 0.8
vendor:	tenda	model:	ax1803	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001989 // NVD: CVE-2025-70648

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-70648
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-001989
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-70648
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-001989
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001989 // NVD: CVE-2025-70648

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001989 // NVD: CVE-2025-70648

PATCH

title:

VulnbyCola/Tenda/AX-1803/6/1.md at main 0-fool/VulnbyCola GitHub

url:

https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-1803/6/1.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-001989

EXTERNAL IDS

db:	NVD	id:	CVE-2025-70648	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001989	Trust: 0.8

sources: JVNDB: JVNDB-2026-001989 // NVD: CVE-2025-70648

REFERENCES

url:	https://github.com/0-fool/vulnbycola/blob/main/tenda/ax-1803/6/1.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-70648	Trust: 0.8

sources: JVNDB: JVNDB-2026-001989 // NVD: CVE-2025-70648

SOURCES

db:	JVNDB	id:	JVNDB-2026-001989
db:	NVD	id:	CVE-2025-70648

LAST UPDATE DATE

2026-01-30T23:57:18.570000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001989	date:	2026-01-28T03:34:00
db:	NVD	id:	CVE-2025-70648	date:	2026-01-26T21:01:27.257

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001989	date:	2026-01-28T00:00:00
db:	NVD	id:	CVE-2025-70648	date:	2026-01-21T17:16:07.063