CVE-2022-45660 is a high-severity buffer overflow vulnerability identified in the Tenda AC6V1.0 router firmware version 15.03.05.19. The flaw exists in the setSchedWifi function, specifically triggered via the schedStartTime parameter. Buffer overflow vulnerabilities (classified under CWE-120) occur when input data exceeds the allocated buffer size, potentially allowing an attacker to overwrite adjacent memory. In this case, the schedStartTime parameter is not properly validated or sanitized, enabling an attacker to supply crafted input that overflows the buffer. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact is primarily on availability (A:H), meaning exploitation could cause denial of service conditions such as router crashes or reboots. Although the CVSS score is 7.5 (high), there is no indication that confidentiality or integrity are directly affected. No known exploits are currently reported in the wild, and no official patches or vendor advisories have been published yet. The vulnerability affects a specific Tenda router model and firmware version, which is commonly used in home and small office environments. Given the network exposure and ease of exploitation, attackers could leverage this flaw to disrupt network connectivity or potentially use it as a foothold for further attacks if combined with other vulnerabilities.

For European organizations, the primary impact of CVE-2022-45660 lies in potential denial of service against network infrastructure relying on the Tenda AC6V1.0 routers. Disruption of Wi-Fi scheduling functionality could lead to intermittent or complete loss of wireless connectivity, affecting business operations, remote work, and IoT device communications. Small and medium enterprises (SMEs) and home offices using this router model may experience outages impacting productivity. While the vulnerability does not directly compromise data confidentiality or integrity, availability loss can indirectly affect operational continuity and service delivery. Additionally, if attackers gain persistent access through this or chained vulnerabilities, it could escalate to broader network compromise. The lack of patches increases the risk window, especially in environments where firmware updates are infrequent or unmanaged. Organizations with limited IT security resources may be more vulnerable to exploitation. Overall, the threat is significant for entities relying on this specific router model, particularly where network uptime is critical.

Identify and inventory all Tenda AC6V1.0 routers running firmware version 15.03.05.19 within the organization’s network. Restrict remote network access to management interfaces of affected routers by implementing network segmentation and firewall rules limiting access to trusted IP addresses only. Disable or restrict the use of Wi-Fi scheduling features if not essential, to reduce the attack surface related to the vulnerable function. Monitor network traffic and device logs for unusual activity or repeated malformed requests targeting the schedStartTime parameter or related endpoints. Engage with Tenda support channels to request firmware updates or security advisories addressing this vulnerability; apply patches promptly once available. Implement compensating controls such as deploying additional network redundancy or failover mechanisms to mitigate potential denial of service impacts. Educate IT staff and users about the risks of using outdated router firmware and the importance of timely updates and secure configuration. Consider replacing affected devices with models from vendors with stronger security track records and active vulnerability management if patches are not forthcoming.