CVE-2022-45652 is a critical buffer overflow vulnerability identified in the Tenda AC6V1.0 router firmware version 15.03.05.19. The flaw exists in the handling of the startIp parameter within the formSetPPTPServer function. Specifically, the vulnerability arises due to improper bounds checking when processing this parameter, leading to a classic CWE-120 buffer overflow condition. This type of vulnerability allows an attacker to overwrite adjacent memory, potentially enabling arbitrary code execution or causing denial of service. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact is high on integrity and availability, as successful exploitation could allow an attacker to manipulate router configurations, disrupt network traffic, or gain control over the device. Although no public exploits have been reported in the wild to date, the high CVSS score of 9.1 reflects the severity and ease of exploitation. The vulnerability affects a widely deployed consumer-grade router model, which is often used in home and small office environments. The lack of available patches or vendor advisories at the time of publication increases the risk for unmitigated deployments. Given the critical nature of this buffer overflow and the network-exposed attack surface, this vulnerability represents a significant threat to the security posture of affected networks.

For European organizations, the exploitation of CVE-2022-45652 could lead to severe consequences including unauthorized control over network routing devices, interception or manipulation of network traffic, and potential lateral movement within internal networks. This is particularly concerning for small and medium enterprises (SMEs) and home office setups that rely on Tenda AC6 routers without advanced network security monitoring. Compromise of these routers could facilitate espionage, data exfiltration, or disruption of business operations. Critical infrastructure sectors that depend on secure and reliable network connectivity may face increased risk if such devices are present in their network perimeters. Furthermore, the integrity and availability of network services could be severely impacted, leading to operational downtime and loss of trust. The absence of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of automated exploitation attempts. Given the prevalence of Tenda routers in consumer and small business markets, the threat extends beyond isolated incidents and could affect a broad range of organizations across Europe.

1. Immediate network segmentation: Isolate Tenda AC6 routers from critical network segments to limit potential lateral movement if compromised. 2. Disable PPTP server functionality if not required, as the vulnerability resides in the formSetPPTPServer function. 3. Monitor network traffic for anomalous patterns indicative of exploitation attempts targeting the startIp parameter or unusual PPTP server configuration requests. 4. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts of this specific buffer overflow. 5. Regularly audit and inventory network devices to identify the presence of vulnerable Tenda AC6 routers. 6. Engage with Tenda support channels to obtain firmware updates or patches; if unavailable, consider replacing affected devices with models from vendors with active security maintenance. 7. Implement strict access controls on router management interfaces, restricting remote access and enforcing strong authentication where possible. 8. Educate users and administrators about the risks of unpatched network devices and encourage prompt remediation actions.