CVE-2022-45667 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Tenda i22 router, specifically version V1.0.0.3(4687). The vulnerability arises from the function fromSysToolRestoreSet, which can be exploited by an attacker to perform unauthorized actions on the device without the user's consent. CSRF attacks typically trick authenticated users into submitting malicious requests, leveraging their active session to execute unwanted commands. In this case, the vulnerability allows an attacker to cause a denial of service (DoS) condition, as indicated by the CVSS vector which shows no impact on confidentiality or integrity but a high impact on availability (C:N/I:N/A:H). The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges (PR:N), but does require user interaction (UI:R), such as the victim visiting a malicious webpage. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component itself. No known exploits are currently reported in the wild, and no patches have been linked, indicating that mitigation may rely on configuration or network controls. The vulnerability is classified under CWE-352, which corresponds to CSRF issues, highlighting the lack of proper anti-CSRF tokens or validation mechanisms in the affected function. Given the nature of the vulnerability, an attacker could disrupt the router's availability by forcing it to restore settings or reboot, potentially causing network outages for connected users.

For European organizations, especially those relying on Tenda i22 routers in their network infrastructure, this vulnerability poses a risk of service disruption. The high availability impact means that attackers could cause denial of service by forcing the device to reset or restore configurations, leading to network downtime. This could affect small to medium enterprises or home office setups where Tenda routers are commonly deployed. Disruptions in connectivity can impact business operations, remote work capabilities, and access to critical services. While the vulnerability does not compromise data confidentiality or integrity, the loss of availability can degrade productivity and potentially cause cascading effects if the router is part of a larger network. Additionally, since exploitation requires user interaction, phishing or social engineering campaigns could be used to lure users into triggering the attack. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially if attackers develop proof-of-concept exploits. Organizations in sectors with high reliance on continuous network availability, such as finance, healthcare, and critical infrastructure, should be particularly cautious.

1. Network Segmentation: Isolate Tenda i22 routers from direct exposure to untrusted networks, especially the internet, to reduce the attack surface. 2. Disable Remote Management: Ensure that remote management interfaces on the router are disabled or restricted to trusted IP addresses to prevent external exploitation. 3. User Awareness: Educate users about the risks of clicking on suspicious links or visiting untrusted websites that could trigger CSRF attacks. 4. Firmware Updates: Although no patches are currently linked, regularly check Tenda's official channels for firmware updates addressing this vulnerability. 5. Web Filtering: Implement web filtering solutions to block access to known malicious sites that could host CSRF attack vectors. 6. Use of Security Gateways: Deploy security appliances or firewalls that can detect and block CSRF attack patterns or anomalous requests targeting router management interfaces. 7. Monitor Router Logs: Enable and regularly review router logs for unusual activity that may indicate attempted exploitation. 8. Consider Router Replacement: For critical environments, evaluate replacing vulnerable Tenda i22 devices with models that have robust security controls and are actively maintained.