CVE-2022-45649: Buffer overflow in Tenda AC6V1.0 V15.03.05.19
Description
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.
AI Analysis
Technical Summary
CVE-2022-45649 is a high-severity buffer overflow in the Tenda AC6V1.0 router firmware, version 15.03.05.19. The flaw is in the formSetPPTPServer function, the handler for the PPTP server configuration form, and is triggered through that form's 'endIp' parameter. A buffer overflow of this kind occurs when the handler copies input into a fixed-size buffer without checking its length; input longer than the buffer overwrites adjacent memory, and for a stack buffer that adjacent memory includes saved registers and the return address. The CVSS vector recorded here (AV:N/AC:L/PR:N/UI:N) indicates the flaw is reachable over the network with low attack complexity and requires neither privileges nor user interaction. The vector records a high availability impact (A:H) and no confidentiality or integrity impact: the documented consequence is that the device crashes or reboots, a denial of service. Whether the same overflow could be steered to code execution depends on the firmware's memory protections (stack canaries, ASLR, non-executable stack) and the stack layout around the buffer, none of which this record establishes, so the practical risk should be treated as at least a remotely triggerable outage. No exploitation in the wild has been reported, but because no authentication is needed, any management interface exposed to untrusted networks can be probed by automated scanners. The weakness is classified as CWE-120 (Buffer Copy without Checking Size of Input, 'Classic Buffer Overflow'), one of the most common and best-understood memory-corruption classes. The record carries no vendor or product metadata beyond the description and no patch link, so public remediation information is limited. The CVE was published on December 2, 2022, and the record has been enriched by CISA; enrichment means CISA's ADP has added metadata such as CVSS and CWE values to the record, and is distinct from inclusion in CISA's Known Exploited Vulnerabilities catalog.
Potential Impact
For European organizations, the primary impact is disruption of networks that rely on the Tenda AC6V1.0 as a gateway or PPTP VPN endpoint. A successful exploit crashes or reboots the router, taking connected systems offline until it recovers; for small and medium enterprises or branch offices that use the device as their only gateway this is a full outage. The scoring on this page records no confidentiality or integrity impact, so the direct effect is denial of service, which can still interrupt operations, customer service and critical communications. A reboot that can be triggered at will also lets an attacker drop active VPN sessions or cut connectivity at a moment of their choosing. Because no authentication or user interaction is required, the flaw is well suited to automated scanning and exploitation of management interfaces that are reachable from the internet. Tenda routers are mostly deployed in home and small office settings, so large enterprises are less likely to be affected unless these devices have been deployed outside their intended role; critical infrastructure operators or service providers that do use them face the same operational risk.
Mitigation Recommendations
1. Immediate mitigation should focus on network-level controls. As its name indicates, formSetPPTPServer is a configuration form handler in the management interface, so the exposure is the management interface rather than PPTP protocol traffic (TCP 1723 and GRE). Restrict access to the management interface to trusted administrative networks and never expose it on the WAN side.
2. Disable the PPTP server feature on the Tenda AC6V1.0 if it is not required. This removes the VPN service from the attack surface (and PPTP's MS-CHAPv2 authentication is considered broken regardless), but it does not necessarily remove the configuration form handler from the management interface, so item 1 still applies.
3. Monitor for requests to the PPTP server configuration endpoint whose 'endIp' value is longer than a dotted quad can be (15 characters) or is not a valid IPv4 address; treat any such request, especially from an unexpected source, as an exploitation attempt.
4. Segment networks to isolate vulnerable devices from critical systems so that a denial of service against the router does not cascade.
5. Engage with Tenda support channels to obtain firmware updates or patches addressing this vulnerability; this record lists no patch link. If no fix is available, consider replacing affected devices with models from vendors that provide timely security updates.
6. Implement intrusion detection/prevention systems (IDS/IPS) with signatures for oversized or malformed 'endIp' values in management requests; a length and character-set check on that parameter is a simple, low-false-positive rule.
7. Maintain up-to-date asset inventories to identify all instances of Tenda AC6V1.0 routers in the environment for targeted remediation.
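The following C program is an added illustration, not Tenda's firmware code and not derived from it. It reconstructs the class of bug described in the Technical Summary (a form handler copying a request parameter into a fixed stack buffer) beside a hardened handler, and implements the request check that mitigation items 3 and 6 describe. All function names, the buffer size, the form-body layout and the sample request bodies are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_STR_MAX 15   /* longest dotted quad: "255.255.255.255" */

/* Assumed reconstruction of the vulnerable pattern, not Tenda's code: the
 * handler copies the request parameters into fixed stack buffers with no
 * length check. An endIp value longer than IPV4_STR_MAX overruns end_buf and
 * overwrites whatever the compiler placed after it (saved registers, return
 * address), which is how a single request crashes the device. Never call
 * this with untrusted input; it is here only to show the defect. */
int set_pptp_range_vulnerable(const char *start_ip, const char *end_ip)
{
    char start_buf[IPV4_STR_MAX + 1];
    char end_buf[IPV4_STR_MAX + 1];
    strcpy(start_buf, start_ip);   /* unbounded copy */
    strcpy(end_buf, end_ip);       /* unbounded copy: the CWE-120 pattern */
    return 0;
}

/* Bounded validation of a dotted-quad parameter. The length check uses
 * strnlen with a limit, so an oversized value is rejected before any byte of
 * it is copied, and inet_pton is the only parser. */
static int parse_ipv4_param(const char *value, uint32_t *host_order)
{
    struct in_addr addr;
    if (value == NULL)
        return -1;
    if (strnlen(value, IPV4_STR_MAX + 1) > IPV4_STR_MAX)
        return -1;
    if (inet_pton(AF_INET, value, &addr) != 1)
        return -1;
    *host_order = ntohl(addr.s_addr);
    return 0;
}

/* Hardened handler: returns the size of the address pool (>= 1) on success
 * and -1 for any oversized, malformed or inverted range. */
long long set_pptp_range_hardened(const char *start_ip, const char *end_ip)
{
    uint32_t start, end;
    if (parse_ipv4_param(start_ip, &start) != 0)
        return -1;
    if (parse_ipv4_param(end_ip, &end) != 0)
        return -1;
    if (end < start)
        return -1;
    return (long long)(end - start) + 1;
}

/* Monitoring-side check (mitigation items 3 and 6): given the URL-encoded
 * body of a request to the PPTP configuration handler, find the endIp field
 * and report whether the hardened validator would reject it.
 * Returns 1 = suspicious, 0 = benign, -1 = no endIp field present. */
int flag_end_ip_in_body(const char *body)
{
    const char *p = body;
    while ((p = strstr(p, "endIp=")) != NULL) {
        /* accept the field only at the start of the body or after '&',
         * so a field such as "xendIp=" is not mistaken for it */
        if (p == body || p[-1] == '&') {
            const char *val = p + strlen("endIp=");
            size_t len = strcspn(val, "&");
            char tmp[IPV4_STR_MAX + 1];
            uint32_t unused;
            if (len > IPV4_STR_MAX)
                return 1;            /* oversized value: the overflow trigger */
            memcpy(tmp, val, len);   /* bounded: len <= IPV4_STR_MAX */
            tmp[len] = '\0';
            return parse_ipv4_param(tmp, &unused) == 0 ? 0 : 1;
        }
        p += strlen("endIp=");
    }
    return -1;
}

int main(void)
{
    /* Constructed sample request bodies, not captured traffic. */
    const char *benign = "startIp=192.168.2.100&endIp=192.168.2.200";
    const char *oversized =
        "startIp=192.168.2.100&endIp=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("benign body flagged: %d\n", flag_end_ip_in_body(benign));       /* 0 */
    printf("oversized body flagged: %d\n", flag_end_ip_in_body(oversized)); /* 1 */
    printf("hardened pool size: %lld\n",
           set_pptp_range_hardened("192.168.2.100", "192.168.2.200"));       /* 101 */
    return 0;
}
```

The hardened handler rejects the input before copying it, which is the property the vulnerable pattern lacks; the same length-then-parse rule, applied to the request body on the network side, is what an IDS signature for this parameter reduces to.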
Affected Countries
Germany, France, Italy, Spain, Poland, Netherlands, Belgium, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-21T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d983fc4522896dcbf0e6e
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 6/22/2025, 2:21:29 AM
Last updated: 8/5/2025, 6:36:02 AM