CVE-2022-42167 is a critical stack overflow vulnerability identified in the firmware version V15.03.06.23 of the Tenda AC10 router. The vulnerability is triggered via the /goform/formSetFirewallCfg endpoint, which is likely part of the router's web-based management interface. A stack overflow occurs when more data is written to a buffer located on the stack than it can hold, potentially overwriting adjacent memory and enabling arbitrary code execution or denial of service. This vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity level. The attack vector is network-based (AV:N), requiring no privileges (PR:N) and no user interaction (UI:N), making it remotely exploitable by an unauthenticated attacker. The impact encompasses full confidentiality, integrity, and availability compromise (C:H/I:H/A:H). The CWE classification is CWE-787, which corresponds to out-of-bounds write errors. Although no known exploits are currently reported in the wild, the ease of exploitation and severity suggest that active exploitation attempts could emerge. The lack of vendor or product details beyond the Tenda AC10 router model limits detailed vendor-specific mitigation guidance, and no official patch links are provided, indicating that users may need to rely on firmware updates from Tenda or implement network-level protections.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Tenda AC10 routers in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to full compromise of the affected device. This could result in interception or manipulation of network traffic, disruption of internet connectivity, or use of the compromised router as a foothold for lateral movement within corporate networks. Small and medium enterprises (SMEs) and home office environments that often use consumer-grade routers like the Tenda AC10 are particularly at risk. Additionally, critical infrastructure or service providers using these devices could face operational disruptions or data breaches. The vulnerability's remote and unauthenticated exploitability increases the risk of widespread attacks, potentially impacting confidentiality of sensitive data, integrity of network configurations, and availability of network services.

1. Immediate mitigation should focus on isolating vulnerable Tenda AC10 routers from untrusted networks, especially the internet, by placing them behind firewalls or VPNs that restrict access to the management interface. 2. Disable remote management features on the router to prevent external access to the /goform/formSetFirewallCfg endpoint. 3. Monitor network traffic for unusual activity originating from or targeting the router, including attempts to access the vulnerable endpoint. 4. Regularly check for firmware updates from Tenda and apply them promptly once available to address this vulnerability. 5. If firmware updates are not available, consider replacing the affected routers with models from vendors with a strong security track record and timely patch management. 6. Employ network segmentation to limit the impact of a compromised router on the broader organizational network. 7. Educate IT staff and users about the risks of using outdated or unsupported network devices and the importance of timely updates.