CVE-2022-45674 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Tenda AC6 V1.0 router firmware version 15.03.05.19. CSRF vulnerabilities occur when an attacker tricks an authenticated user into submitting a forged HTTP request, causing the victim's browser to perform unwanted actions on a web application in which they are authenticated. In this case, the vulnerable function is 'fromSysToolReboot', which likely triggers a reboot of the router device. The vulnerability allows an attacker to remotely induce a reboot of the affected router without requiring authentication or elevated privileges, but user interaction is necessary (e.g., the victim must visit a malicious webpage). The CVSS 3.1 base score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but high impact on availability (A:H). This means the primary impact is denial of service through forced reboot, which disrupts network connectivity. No patches or known exploits in the wild have been reported as of the publication date. The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery). The lack of vendor or product details beyond the Tenda AC6 router limits the scope of affected versions, but the specific firmware version is identified. The vulnerability is exploitable remotely over the network, leveraging the router's web management interface, which is typically accessible within local networks or potentially exposed to the internet if misconfigured.

For European organizations, the impact of this vulnerability primarily concerns network availability and operational continuity. The forced reboot of Tenda AC6 routers can cause temporary denial of service, disrupting internet connectivity for end users or internal networks relying on these devices. This can affect small and medium enterprises, home offices, and potentially branch offices that use Tenda AC6 routers. While the vulnerability does not compromise confidentiality or integrity, repeated exploitation could lead to persistent network outages, impacting business operations, remote work, and access to cloud services. In critical infrastructure or sectors with high availability requirements (e.g., healthcare, finance, manufacturing), such disruptions could have cascading effects. Additionally, if attackers combine this vulnerability with other exploits or social engineering, they might create more complex attack scenarios. However, the requirement for user interaction and the absence of known widespread exploitation reduce the immediate threat level. The impact is more pronounced in environments where Tenda AC6 routers are prevalent and where network downtime has significant operational consequences.

1. Network Segmentation: Isolate router management interfaces from general user networks and restrict access to trusted administrators only. 2. Disable Remote Management: Ensure that remote web management interfaces on Tenda AC6 routers are disabled or protected by strong authentication and IP whitelisting to prevent external exploitation. 3. User Awareness: Educate users about the risks of visiting untrusted websites or clicking on suspicious links that could trigger CSRF attacks. 4. Firmware Updates: Although no patch is currently available, monitor Tenda's official channels for firmware updates addressing this vulnerability and apply them promptly once released. 5. Implement CSRF Protections: If possible, configure or upgrade router firmware to include anti-CSRF tokens or mechanisms that validate legitimate requests. 6. Use Network Monitoring: Deploy monitoring tools to detect unusual router reboots or network disruptions that could indicate exploitation attempts. 7. Alternative Hardware: Consider replacing vulnerable Tenda AC6 routers with devices from vendors with active security support and patch management if mitigation is not feasible. 8. Harden Browser Security: Employ browser security settings or extensions that block cross-site requests or scripts from untrusted sources to reduce the risk of CSRF exploitation.