CVE-2022-45645 is a high-severity buffer overflow vulnerability identified in the Tenda AC6V1.0 router firmware version 15.03.05.19. The flaw exists in the addWifiMacFilter function, specifically via the deviceMac parameter. Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. In this case, improper input validation or bounds checking on the deviceMac parameter allows an attacker to overflow the buffer. The vulnerability is remotely exploitable over the network (Attack Vector: Network) without requiring any privileges or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact is primarily on availability (A:H), meaning successful exploitation could lead to denial of service conditions such as router crashes or reboots, disrupting network connectivity. There is no indication of confidentiality or integrity impact, nor is there evidence of code execution or privilege escalation from the available data. No known exploits are currently reported in the wild, and no patches or vendor advisories have been linked, suggesting that mitigation may require manual firmware updates or vendor intervention. The vulnerability is classified under CWE-120, which relates to classic buffer overflow errors. Given the critical role of routers in network infrastructure, exploitation could disrupt both home and enterprise networks relying on this device model and firmware version. However, the lack of authentication requirements and user interaction lowers the barrier for exploitation, increasing risk if the device is exposed to untrusted networks or the internet directly.

For European organizations, the primary impact of this vulnerability is potential disruption of network availability. Enterprises or small businesses using Tenda AC6V1.0 routers with the affected firmware could experience denial of service, leading to loss of internet connectivity, interruption of business operations, and potential cascading effects on dependent services. Critical infrastructure sectors relying on stable network access could face operational challenges. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting downtime could affect productivity and service delivery. Additionally, routers compromised via this vulnerability could be leveraged as entry points for further attacks or lateral movement if combined with other vulnerabilities. The lack of known exploits reduces immediate risk, but the ease of exploitation and network exposure necessitate proactive mitigation. Home users and remote workers using this router model may also face connectivity issues, indirectly impacting organizational operations if remote access or VPNs rely on these devices.

1. Immediate mitigation involves restricting access to the router's management interfaces by placing devices behind firewalls and disabling remote management features if enabled. 2. Network segmentation should be employed to isolate vulnerable devices from critical systems. 3. Monitor network traffic for unusual activity or repeated crashes that may indicate exploitation attempts. 4. Since no official patches are currently linked, organizations should contact Tenda support to inquire about firmware updates addressing this vulnerability and apply them promptly once available. 5. As a temporary measure, consider replacing affected devices with models from vendors with active security support. 6. Implement strict input validation and anomaly detection on network devices where possible to detect malformed packets targeting the deviceMac parameter. 7. Maintain an inventory of all network devices to identify and track vulnerable Tenda AC6 routers. 8. Educate IT staff about this vulnerability to ensure rapid response to any incidents involving router instability or network outages.