CVE-2023-51812 is a critical remote code execution (RCE) vulnerability identified in the Tenda AX3 router firmware version 16.03.12.11. The vulnerability arises from improper input validation of the 'list' parameter in the /goform/SetNetControlList endpoint. This flaw is classified under CWE-77, which relates to improper neutralization of special elements used in a command ('Command Injection'). An attacker can exploit this vulnerability remotely without authentication or user interaction, by sending specially crafted requests to the vulnerable endpoint. Successful exploitation allows the attacker to execute arbitrary commands on the router with the privileges of the underlying process, potentially leading to full system compromise. The CVSS v3.1 base score is 9.8, reflecting the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation over the network without any privileges or user interaction. Although no known exploits are currently reported in the wild, the severity and nature of this vulnerability make it a significant threat to affected devices. The lack of an official patch or vendor project information at the time of publication increases the urgency for mitigation and monitoring.

For European organizations, especially those relying on Tenda AX3 routers for network connectivity, this vulnerability poses a severe risk. Exploitation could lead to unauthorized control over network infrastructure, enabling attackers to intercept, modify, or disrupt network traffic, deploy malware, or pivot to internal systems. This could compromise sensitive data confidentiality, disrupt business operations, and damage organizational reputation. Small and medium enterprises (SMEs) and home office setups that use consumer-grade routers like the Tenda AX3 may be particularly vulnerable due to less stringent network security controls. Additionally, critical infrastructure sectors that utilize these devices for connectivity could face operational disruptions or espionage risks. The absence of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of automated exploitation attempts targeting exposed devices across Europe.

Immediate mitigation steps should include isolating affected Tenda AX3 routers from untrusted networks and restricting access to the /goform/SetNetControlList endpoint via network segmentation or firewall rules. Network administrators should monitor network traffic for unusual requests targeting this endpoint and implement intrusion detection/prevention systems (IDS/IPS) signatures to detect exploitation attempts. Until an official patch is released, consider replacing vulnerable devices with alternative hardware from vendors with timely security updates. If replacement is not feasible, disable remote management features and restrict router management access to trusted internal networks only. Regularly audit router firmware versions and subscribe to vendor security advisories to apply patches promptly once available. Additionally, organizations should conduct internal network scans to identify vulnerable devices and assess exposure. Employing network-level anomaly detection can help identify exploitation attempts early.