CVE-2022-45654 is a high-severity buffer overflow vulnerability identified in the Tenda AC6V1.0 router firmware version 15.03.05.19. The vulnerability arises from improper handling of the 'ssid' parameter within the function form_fast_setting_wifi_set. Specifically, the buffer overflow occurs when the input provided to the 'ssid' parameter exceeds the allocated buffer size, leading to memory corruption. This type of vulnerability is classified under CWE-120, which pertains to classic buffer overflow issues where a program writes more data to a buffer than it can hold. The vulnerability is exploitable remotely over the network (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making it highly accessible to attackers. The impact vector is limited to availability (A:H), indicating that exploitation primarily results in denial of service, such as router crashes or reboots, rather than confidentiality or integrity breaches. No known exploits have been reported in the wild, and no official patches have been linked or published at this time. The vulnerability was reserved on November 21, 2022, and publicly disclosed on December 2, 2022. Given the nature of the vulnerability, attackers could potentially disrupt network availability by causing the router to crash or become unresponsive through crafted SSID inputs, which may affect network stability for users relying on the affected device. Since the vulnerability does not require authentication or user interaction, it poses a significant risk in environments where the router's management interface or Wi-Fi configuration is exposed or accessible to untrusted networks.

For European organizations, the primary impact of CVE-2022-45654 is the potential disruption of network availability due to router crashes or reboots triggered by maliciously crafted SSID parameters. This can lead to denial of service conditions affecting business continuity, especially for small and medium enterprises or branch offices relying on Tenda AC6 routers for internet connectivity. While the vulnerability does not directly compromise confidentiality or integrity, the loss of availability can hinder critical operations, remote work, and access to cloud services. Organizations in sectors such as finance, healthcare, and manufacturing, where network uptime is crucial, may experience operational delays and productivity losses. Additionally, network outages could indirectly affect security monitoring and incident response capabilities if network devices become unreachable. The absence of known exploits reduces immediate risk, but the ease of exploitation and lack of required privileges mean that attackers could develop exploits rapidly. The impact is more pronounced in environments where the affected routers are deployed in exposed network segments or where Wi-Fi configuration interfaces are accessible without strong access controls.

To mitigate CVE-2022-45654, European organizations should first identify any deployment of Tenda AC6V1.0 routers running firmware version 15.03.05.19. Since no official patches are currently available, organizations should implement compensating controls: 1) Restrict network access to router management interfaces and Wi-Fi configuration endpoints by implementing network segmentation and firewall rules to limit exposure to trusted administrators only. 2) Disable remote management features if not required, reducing the attack surface. 3) Monitor network traffic for unusual SSID configuration attempts or malformed packets targeting the router's configuration interface. 4) Where possible, replace affected devices with models from vendors providing timely security updates and support. 5) Engage with Tenda support channels to obtain firmware updates or security advisories. 6) Implement network redundancy to minimize the impact of router outages on business operations. 7) Educate IT staff about the vulnerability to ensure rapid response if signs of exploitation appear. These measures go beyond generic advice by focusing on access control, monitoring, and device lifecycle management tailored to this specific vulnerability.