
CVE-2025-10120: Buffer Overflow in Tenda AC20

Severity: High
Tags: Vulnerability, CVE-2025-10120
Published: Tue Sep 09 2025 (09/09/2025, 01:32:12 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: AC20

Description

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

AI-Powered Analysis

AI analysis, last updated: 09/09/2025, 02:01:28 UTC

Technical Analysis

CVE-2025-10120 is a high-severity buffer overflow vulnerability affecting Tenda AC20 router firmware versions up to 16.03.08.12. The flaw lies in a strcpy call within the /goform/GetParentControlInfo endpoint, which processes the 'mac' argument. Because the length of the supplied value is not checked before the copy, an attacker can supply an over-long 'mac' parameter that overflows the destination buffer and overwrites adjacent memory. The analysis characterizes the flaw as exploitable remotely without user interaction or prior authentication, citing the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L); note that the PR:L component of that vector denotes that low privileges are required, so the exact authentication requirement should be confirmed against the VulDB record before it is relied on for prioritization. The vulnerability impacts confidentiality, integrity, and availability at a high level, since successful exploitation could allow arbitrary code execution or denial of service on the affected device. Although no exploitation in the wild has been observed so far, a public exploit has been released, which increases the likelihood of active exploitation. The vulnerability matters in network infrastructure contexts because routers like the Tenda AC20 serve as gateways for home and small office networks, and a compromise could lead to interception of network traffic, lateral movement, or a persistent foothold. The absence of a patch link suggests that a fix is either pending or not yet publicly available, which makes interim mitigation urgent.

Potential Impact

For European organizations, the impact of this vulnerability is significant, especially for small and medium enterprises (SMEs) and home office users relying on Tenda AC20 routers. Exploitation could lead to unauthorized network access, interception of sensitive data, or disruption of internet connectivity. Given the router's role as a network perimeter device, attackers could pivot into internal networks, compromising additional systems and data. This risk is heightened in sectors with sensitive data such as finance, healthcare, and critical infrastructure. Additionally, the vulnerability could be leveraged for botnet recruitment or as a launchpad for broader attacks, affecting organizational reputation and compliance with data protection regulations like GDPR. The remote and unauthenticated nature of the exploit increases the threat surface, making it easier for attackers to target vulnerable devices across Europe.

Mitigation Recommendations

Organizations should immediately identify all Tenda AC20 devices running affected firmware versions. Since no official patch link is provided, users should monitor Tenda's official channels for firmware updates addressing this vulnerability. In the interim, network administrators should restrict access to the router's management interfaces by implementing firewall rules that limit access to trusted IP addresses only. Disabling remote management features, if enabled, will reduce exposure. Employ network segmentation to isolate vulnerable devices from critical systems. Regularly audit network devices for unauthorized changes and monitor logs for suspicious activity related to /goform/GetParentControlInfo requests. Where feasible, replace vulnerable devices with models from vendors providing timely security updates. Additionally, educating users about the risks and encouraging prompt firmware updates once available is critical.
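The log-monitoring recommendation above can be made concrete with a small triage script. The following is an added example, not code from the advisory source or from Tenda: it scans constructed access-log lines (the log format, the client addresses and the request values are all assumptions) and flags requests to /goform/GetParentControlInfo whose mac parameter is longer than a MAC address or not a well-formed one. It inspects the query string only; if the parameter is sent in a POST body, request-body logging is needed to apply the same check.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/GetParentControlInfo"
# A well-formed MAC is exactly six hex octets with ':' or '-' separators (17 chars).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")
# Assumed combined-style access log line; adapt the pattern to the real log source.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

def check_request(uri: str) -> Optional[str]:
    """Return a finding for a request to the affected endpoint, or None if it looks benign."""
    parts = urlsplit(uri)
    if parts.path != ENDPOINT:
        return None
    # parse_qs percent-decodes the value, so the length check sees the decoded string.
    values = parse_qs(parts.query, keep_blank_values=True).get("mac", [])
    for value in values:
        if len(value) > 17:
            return f"oversized mac parameter ({len(value)} chars)"
        if not MAC_RE.match(value):
            return "mac parameter is not a well-formed MAC address"
    return None

def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan access-log lines and return (client ip, finding) for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format; skip rather than guess
        finding = check_request(m.group("uri"))
        if finding:
            findings.append((m.group("ip"), finding))
    return findings

# Constructed sample lines (not captured traffic): benign, oversized, malformed, unrelated.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Sep/2025:01:32:12 +0000] "GET /goform/GetParentControlInfo?mac=00:11:22:33:44:55 HTTP/1.1" 200 312',
    '198.51.100.7 - - [09/Sep/2025:01:33:01 +0000] "GET /goform/GetParentControlInfo?mac=' + "A" * 200 + ' HTTP/1.1" 200 0',
    '203.0.113.5 - - [09/Sep/2025:01:34:45 +0000] "GET /goform/GetParentControlInfo?mac=00:11:22:33:44:5G HTTP/1.1" 200 312',
    '192.0.2.10 - - [09/Sep/2025:01:35:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, finding in scan_log(SAMPLE_LOG):
        print(f"{ip}: {finding}")
```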


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-08T15:06:42.887Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68bf8703d5a2966cfc8533c3

Added to database: 9/9/2025, 1:46:43 AM

Last enriched: 9/9/2025, 2:01:28 AM

Last updated: 9/10/2025, 4:07:21 AM

