CVE-2024-25751 is a stack-based buffer overflow vulnerability identified in the Tenda AC9 router running firmware version 15.03.06.42_multi. The flaw resides in the fromSetSysTime function, which improperly handles input data, allowing an attacker to overflow the stack buffer remotely. This overflow can be exploited to execute arbitrary code on the device with no need for authentication or user interaction, making it a highly severe security issue. The vulnerability is classified under CWE-121, indicating classic stack-based buffer overflow behavior. The CVSS v3.1 base score of 9.8 reflects its critical severity, with attack vector being network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact covers confidentiality, integrity, and availability (C:H/I:H/A:H), meaning an attacker could fully compromise the device, intercept or manipulate traffic, or disrupt network services. Although no public exploits have been reported yet, the nature of the vulnerability suggests that weaponized exploits could emerge rapidly. The affected firmware version is specific, but Tenda AC9 routers are widely deployed in consumer and small business environments, increasing the potential attack surface. No official patches or mitigation instructions have been released at the time of publication, leaving devices vulnerable.

The vulnerability allows remote attackers to execute arbitrary code on affected Tenda AC9 routers, potentially leading to full device compromise. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, and disruption of internet connectivity. The compromise of routers can also serve as a foothold for lateral movement into corporate or home networks, enabling further attacks such as data theft, ransomware deployment, or persistent espionage. Given the critical severity and lack of authentication requirements, attackers can exploit this vulnerability at scale, targeting vulnerable devices globally. The impact extends to confidentiality, integrity, and availability, threatening both personal and organizational data security. Additionally, compromised routers can be recruited into botnets, amplifying the threat to broader internet infrastructure. Organizations relying on Tenda AC9 devices without timely updates face significant operational and reputational risks.

Until an official patch is released, organizations should implement network-level mitigations to reduce exposure. These include disabling remote management interfaces on Tenda AC9 routers, especially WAN-facing services, to prevent external exploitation. Network segmentation should be enforced to isolate vulnerable devices from critical infrastructure and sensitive data. Monitoring network traffic for unusual patterns or signs of exploitation attempts targeting the fromSetSysTime function or related services is advised. Employing intrusion detection/prevention systems (IDS/IPS) with updated signatures can help detect exploitation attempts. Users should regularly check Tenda’s official channels for firmware updates and apply patches immediately once available. Where possible, replacing vulnerable devices with models from vendors with robust security update practices may be considered. Additionally, educating users about the risks of exposed router management interfaces and encouraging strong administrative credentials can help mitigate risk.