CVE-2022-45673 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Tenda AC6V1.0 router firmware version 15.03.05.19. The vulnerability specifically affects the function fromSysToolRestoreSet, which is likely involved in system restore or configuration reset operations. CSRF vulnerabilities allow an attacker to trick an authenticated user into unknowingly submitting a request that performs an unwanted action on a web application in which the user is currently authenticated. In this case, the attacker could craft a malicious web page or link that, when visited by a user logged into the router's administrative interface, could trigger the fromSysToolRestoreSet function without the user's consent. The CVSS 3.1 base score of 6.5 (medium severity) reflects that the vulnerability can be exploited remotely over the network (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R). The attack complexity is low (AC:L), and the impact is primarily on availability (A:H) with no direct impact on confidentiality or integrity. This suggests that exploitation could disrupt router availability, possibly by restoring factory settings or causing a denial of service, but would not expose sensitive data or allow unauthorized configuration changes beyond the restore operation. No known exploits are currently reported in the wild, and no patches or vendor advisories have been linked to this vulnerability. The lack of vendor and product details beyond the router model limits the scope of detailed technical mitigation but confirms the vulnerability is specific to this Tenda router firmware version.

For European organizations, the impact of this vulnerability lies mainly in potential disruption of network availability. If exploited, attackers could force routers to reset or disrupt their operation, causing temporary loss of internet connectivity or network segmentation failures. This could affect business continuity, especially for small and medium enterprises (SMEs) or branch offices relying on Tenda AC6 routers for internet access or internal networking. While the vulnerability does not compromise confidentiality or integrity, availability disruptions can lead to operational downtime, impacting productivity and potentially delaying critical communications. Additionally, if routers are used in environments with limited IT support, recovery from forced resets could be slow, increasing the window of disruption. Given that the attack requires user interaction, social engineering or phishing campaigns targeting network administrators or users with router access could be a vector. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially if attackers develop proof-of-concept exploits. The impact is more pronounced in organizations with widespread deployment of this router model or those lacking robust network device management and monitoring.

1. Network Segmentation: Isolate management interfaces of routers from general user networks to reduce exposure to CSRF attacks via malicious web pages. 2. Access Controls: Restrict administrative access to the router’s web interface to trusted IP addresses or via VPN to prevent unauthorized external access. 3. User Awareness: Train users and administrators to avoid clicking on suspicious links or visiting untrusted websites while logged into router management interfaces. 4. Firmware Updates: Regularly check Tenda’s official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once available. 5. Disable Remote Management: If not required, disable remote web management interfaces to reduce attack surface. 6. Use Strong Authentication: Where possible, enable multi-factor authentication or strong password policies for router administration to limit unauthorized access. 7. Monitor Network Traffic: Implement monitoring to detect unusual router behavior or unexpected resets that could indicate exploitation attempts. 8. Backup Configurations: Maintain regular backups of router configurations to enable rapid recovery in case of forced resets caused by exploitation.