CVE-2022-42077 is a security vulnerability identified in the Tenda AC1206 router firmware version US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw affecting the function fromSysToolReboot. CSRF vulnerabilities allow an attacker to trick an authenticated user into executing unwanted actions on a web application in which they are currently authenticated. In this case, the attacker could potentially force the router to reboot by exploiting the fromSysToolReboot function without the user's consent. The CVSS 3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) shows that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), requires no privileges (PR:N), but does require user interaction (UI:R). The scope remains unchanged (S:U), and the impact is limited to availability (A:H) with no confidentiality or integrity impact. There are no known exploits in the wild, and no patches or vendor advisories have been linked. The vulnerability is categorized under CWE-352, which corresponds to CSRF. The lack of authentication requirement and low complexity means an attacker could craft a malicious webpage or link that, when visited by an authenticated user of the router's web interface, triggers a reboot, causing denial of service. This could disrupt network connectivity for affected users until the device restarts. Since the router is a consumer-grade device, the attack surface includes home and small office environments where the device is used. The absence of confidentiality or integrity impact reduces the risk of data theft or manipulation, but the availability impact could be significant for users relying on continuous internet access.

For European organizations, especially small businesses or home offices using the Tenda AC1206 router, this vulnerability could lead to intermittent network outages due to forced reboots. This disrupts internet connectivity, potentially affecting business operations, VoIP communications, and access to cloud services. While the impact is limited to availability and does not compromise data confidentiality or integrity, repeated or targeted exploitation could degrade productivity and cause operational inconvenience. Larger enterprises are less likely to be affected as they typically use enterprise-grade networking equipment. However, remote workers or small branch offices using this router model could experience connectivity issues. Additionally, in critical infrastructure sectors or healthcare environments where continuous connectivity is essential, even brief outages could have cascading effects. The lack of known exploits reduces immediate risk, but the ease of exploitation and requirement for user interaction means phishing or social engineering could be used to trigger the attack. Overall, the impact is moderate but should not be overlooked in environments relying on this hardware.

To mitigate this vulnerability, affected users should first verify if firmware updates are available from Tenda addressing CVE-2022-42077 and apply them promptly. In the absence of official patches, users should restrict access to the router's web interface by limiting it to trusted internal networks and disabling remote management features. Implementing network segmentation to isolate the router management interface from general user traffic can reduce exposure. Users should also be educated to avoid clicking on suspicious links or visiting untrusted websites while logged into the router's admin interface to prevent CSRF exploitation. Employing browser security features such as disabling third-party cookies and using content security policies can help mitigate CSRF risks. Network administrators can monitor router logs for unexpected reboot events and consider deploying intrusion detection systems that can flag unusual HTTP requests targeting the router's management interface. Finally, consider replacing vulnerable devices with models that have robust security controls and regular firmware updates.