CVE-2022-45977 is a high-severity command injection vulnerability identified in the Tenda AX12 router firmware version V22.03.01.21_CN. The vulnerability exists in the /goform/setMacFilterCfg function, which is responsible for configuring MAC address filtering on the device. Command injection vulnerabilities occur when untrusted input is passed to a system shell or command interpreter without proper sanitization, allowing an attacker to execute arbitrary commands on the underlying operating system. In this case, the vulnerability allows an attacker with local privileges (PR:L) to execute arbitrary commands remotely over the network (AV:N) without requiring user interaction (UI:N). The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The attack complexity is low (AC:L), meaning exploitation does not require special conditions. The scope is unchanged (S:U), so the impact is limited to the vulnerable component. Although no public exploits have been reported in the wild, the presence of this vulnerability in a widely deployed consumer and small office/home office (SOHO) router model poses a significant risk. Successful exploitation could allow attackers to execute arbitrary commands, potentially leading to full device compromise, interception or manipulation of network traffic, and disruption of network services. The vulnerability is categorized under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), which is a common and critical class of injection flaws. No official patches or updates have been linked in the provided information, which may delay remediation efforts.

For European organizations, especially small and medium enterprises (SMEs) and home users relying on Tenda AX12 routers, this vulnerability could lead to severe security breaches. Exploitation could allow attackers to gain control over network infrastructure, intercept sensitive communications, inject malicious traffic, or pivot to internal networks. This could result in data theft, espionage, disruption of business operations, and compromise of connected devices. Given the high confidentiality, integrity, and availability impact, critical business functions relying on network connectivity could be severely affected. Additionally, compromised routers could be leveraged as part of botnets or for launching further attacks, increasing the threat landscape. The lack of user interaction and low attack complexity make this vulnerability particularly dangerous, as automated attacks could rapidly spread. European organizations with limited IT security resources may face challenges in detecting and mitigating such attacks promptly. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation.

1. Immediate network segmentation: Isolate Tenda AX12 routers from critical network segments to limit potential lateral movement if compromised. 2. Disable or restrict access to the /goform/setMacFilterCfg endpoint if possible, or implement firewall rules to block unauthorized access to router management interfaces from untrusted networks. 3. Monitor network traffic for unusual command execution patterns or unexpected outbound connections originating from the router. 4. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting command injection attempts on router management interfaces. 5. Regularly audit router firmware versions and configurations to identify vulnerable devices. 6. Engage with Tenda support channels to obtain official patches or firmware updates addressing this vulnerability; if unavailable, consider replacing affected devices with more secure alternatives. 7. Educate users and administrators on the risks of exposed router management interfaces and enforce strong authentication and access controls. 8. Implement network-level anomaly detection to identify compromised devices exhibiting suspicious behavior. 9. For organizations with remote workers using these routers, provide guidance on securing home network devices or consider deploying VPNs that do not rely solely on home router security.