CVE-2022-40844 is a medium-severity Stored Cross Site Scripting (XSS) vulnerability identified in the Tenda AC1200 Router model W15Ev2 running firmware version V15.11.0.10(1576). The vulnerability arises from improper sanitization of user input in the router's web interface, specifically within the URL body parameter of the website filtering tab. An attacker with at least low-level privileges (PR:L) and requiring user interaction (UI:R) can inject malicious JavaScript code that gets stored and subsequently executed in the context of the router's web management interface. This stored XSS flaw allows the attacker to potentially hijack user sessions, steal authentication cookies, or perform actions on behalf of the legitimate user managing the router. The CVSS 3.1 vector indicates the attack can be launched remotely over the network (AV:N) with low attack complexity (AC:L), but requires some privileges and user interaction, and impacts confidentiality and integrity with a scope change (S:C). No known public exploits have been reported yet, and no patches are currently linked, indicating that affected users may still be vulnerable if they have not updated or mitigated the issue. The vulnerability is classified under CWE-79, which is the common weakness enumeration for Cross Site Scripting.

For European organizations, this vulnerability poses a moderate risk primarily to network security and management infrastructure. If exploited, attackers could gain unauthorized access to router management sessions, potentially altering network configurations, redirecting traffic, or creating persistent backdoors. This could lead to data leakage, interception of sensitive communications, or disruption of network services. Since routers are critical infrastructure components, especially in small to medium enterprises and home office environments, exploitation could facilitate lateral movement within networks or serve as a foothold for more extensive attacks. The requirement for user interaction and low privilege reduces the immediacy of risk but does not eliminate it, especially in environments where multiple users have access to router management interfaces. The lack of available patches means organizations must rely on alternative mitigations until firmware updates are released. Given the widespread use of Tenda routers in consumer and small business markets across Europe, the vulnerability could affect a significant number of endpoints, increasing the attack surface for threat actors targeting European networks.

Organizations should immediately audit their network environments to identify the presence of Tenda AC1200 Router model W15Ev2 devices running the vulnerable firmware version. Until an official patch is released, it is recommended to restrict access to the router's web management interface by implementing network segmentation and access control lists (ACLs) to limit management access to trusted IP addresses only. Administrators should enforce strong authentication mechanisms and educate users about the risks of interacting with suspicious links or inputs in the router management interface. Disabling remote management features, if enabled, can reduce exposure. Monitoring network traffic for unusual activities or unauthorized configuration changes can help detect exploitation attempts. Additionally, organizations should stay alert for firmware updates from Tenda and apply them promptly once available. Employing web application firewalls (WAF) or intrusion prevention systems (IPS) that can detect and block XSS payloads targeting router interfaces may provide an additional layer of defense.