CVE-2024-0995 is a critical stack-based buffer overflow vulnerability identified in the Tenda W6 wireless router, specifically in version 1.0.0.9(4122). The flaw exists in the function formwrlSSIDset within the /goform/wifiSSIDset component of the embedded HTTP server (httpd). The vulnerability arises due to improper handling and validation of the 'index' argument passed to this function, which allows an attacker to overflow the stack buffer. This type of vulnerability can lead to arbitrary code execution, denial of service, or system compromise. The attack vector is remote network access, meaning an attacker can exploit this vulnerability over the network without requiring user interaction. The CVSS 3.1 base score is 7.2 (high severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although the vendor Tenda was notified early, no response or patch has been provided, and no known exploits have been observed in the wild yet. The vulnerability is classified under CWE-121, which is a common weakness enumeration for stack-based buffer overflows, a well-known and dangerous class of memory corruption bugs. Given the nature of the vulnerability and the lack of vendor remediation, this poses a significant risk to affected devices.

For European organizations, the exploitation of this vulnerability could have severe consequences. The Tenda W6 router is typically used in small office/home office (SOHO) environments and possibly in some enterprise branch offices. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially gaining full control over the device. This could lead to interception or manipulation of network traffic, lateral movement within internal networks, disruption of internet connectivity, or use of the device as a foothold for further attacks. Confidential data confidentiality and integrity could be compromised, and availability of network services disrupted. Given the critical nature of the flaw and the lack of patches, organizations relying on these devices are at risk of targeted attacks or automated exploitation once public exploits become widespread. This is particularly concerning for sectors with sensitive data or critical infrastructure in Europe, including finance, healthcare, and government agencies that might use such routers in branch or remote locations.

Since no official patch or firmware update is currently available from Tenda, European organizations should take immediate compensating measures. First, identify and inventory all Tenda W6 devices running the affected firmware version 1.0.0.9(4122). Restrict remote access to the router’s management interface by disabling remote administration or limiting access to trusted IP addresses only. Implement network segmentation to isolate these routers from critical internal networks to reduce attack surface. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection that might catch exploitation attempts targeting the /goform/wifiSSIDset endpoint. Monitor network traffic for unusual activity or signs of exploitation attempts. If possible, replace affected devices with alternative routers from vendors with active security support. Additionally, maintain strict network hygiene by enforcing strong authentication on all network devices and regularly reviewing firewall rules. Organizations should also stay alert for any vendor updates or community-developed patches and apply them promptly once available.