
CVE-2025-10443: Buffer Overflow in Tenda AC9

High
Published: Mon Sep 15 2025 (09/15/2025, 11:32:07 UTC)
Source: CVE Database V5
Vendor/Project: Tenda
Product: AC9

Description

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

AI-Powered Analysis

Last updated: 09/15/2025, 11:37:22 UTC

Technical Analysis

CVE-2025-10443 is a high-severity remote buffer overflow vulnerability affecting Tenda AC9 and AC15 routers running firmware versions 15.03.05.14 and 15.03.05.18. The vulnerability resides in the formexeCommand function within the /goform/exeCommand endpoint. Specifically, improper handling and insufficient validation of the cmdinput argument allow an attacker to overflow a buffer. This can lead to memory corruption, potentially enabling arbitrary code execution or denial of service. The vulnerability is exploitable remotely without authentication or user interaction, increasing the attack surface significantly. The CVSS 4.0 score of 8.7 reflects the ease of exploitation (network vector, low attack complexity, no privileges or user interaction required) and the high impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, a public exploit is available, increasing the risk of exploitation. The vulnerability affects core router firmware components, which are critical for network traffic management and security, making this a serious threat to affected devices.

Potential Impact

For European organizations, this vulnerability poses a significant risk to network infrastructure security. Tenda routers like AC9 and AC15 are commonly used in small to medium enterprises and home office environments across Europe due to their cost-effectiveness and feature set. Exploitation could allow attackers to gain unauthorized control over the router, intercept or manipulate network traffic, launch further attacks within the internal network, or disrupt internet connectivity. This could lead to data breaches, espionage, service outages, and compromise of connected devices. Given the remote and unauthenticated nature of the exploit, attackers could target vulnerable routers en masse, potentially impacting critical business operations and sensitive data confidentiality. Organizations relying on these devices without timely patching or mitigations face elevated risks, especially in sectors with high data sensitivity such as finance, healthcare, and government.

Mitigation Recommendations

1. Immediate firmware upgrade: Organizations should verify their Tenda AC9 and AC15 devices' firmware versions and upgrade to a patched version once released by Tenda.
2. Network segmentation: Isolate vulnerable routers from critical internal networks to limit lateral movement if compromised.
3. Access control: Restrict remote management interfaces and block access to the /goform/exeCommand endpoint from untrusted networks using firewall rules.
4. Intrusion detection: Deploy network monitoring solutions to detect anomalous traffic patterns indicative of exploitation attempts targeting the vulnerable endpoint.
5. Disable remote administration if not required to reduce exposure.
6. Vendor engagement: Engage with Tenda support for timelines on patches and consider alternative hardware if patching is delayed.
7. Incident response readiness: Prepare to identify and respond to potential exploitation attempts, including log analysis and device integrity verification.
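As an added illustration of the monitoring recommended in items 3 and 4 (not part of the original advisory and not vendor tooling), the following Python example scans HTTP access logs for requests to /goform/exeCommand and grades them by source and cmdinput length. The Combined Log Format input, the `TRUSTED_NETS` range and the `MAX_CMDINPUT` threshold are assumptions to adapt; the advisory does not state a buffer size.

```python
import ipaddress
import posixpath
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/goform/execommand"  # endpoint named in the advisory, lower-cased
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumption: admin LAN
MAX_CMDINPUT = 128  # assumption: the advisory gives no buffer size

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize_path(raw):
    """Percent-decode, collapse '//' and './', drop trailing '/', lower-case."""
    return posixpath.normpath("/" + unquote(raw).lstrip("/")).lower()

def inspect_line(line):
    """Return a finding for a request to the endpoint, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, method, target, status = m.groups()
    raw_path, _, query = target.partition("?")
    if normalize_path(raw_path) != ENDPOINT:
        return None
    values = parse_qs(query, keep_blank_values=True).get("cmdinput", [])
    longest = max((len(v) for v in values), default=0)
    try:
        trusted = any(ipaddress.ip_address(src) in n for n in TRUSTED_NETS)
    except ValueError:  # hostname or malformed address in the log
        trusted = False
    reasons = [] if trusted else ["untrusted-source"]
    if longest > MAX_CMDINPUT:
        reasons.append("oversized-cmdinput")
    return {"src": src, "method": method, "status": int(status),
            "cmdinput_len": longest, "reasons": reasons,
            "severity": "high" if reasons else "review"}

def scan(lines):
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines, not real traffic.
TS = "[15/Sep/2025:11:40:01 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /goform/exeCommand?cmdinput={"x" * 300} HTTP/1.1" 200 12',
    f'192.168.0.10 - admin {TS} "GET /goform/exeCommand?cmdinput=ping HTTP/1.1" 200 40',
    f'198.51.100.9 - - {TS} "POST /goform//%65xeCommand/ HTTP/1.1" 200 0',
    f'192.168.0.11 - - {TS} "GET /index.html HTTP/1.1" 200 512',
]
```

Access logs do not record POST bodies, so a cmdinput value sent in a request body shows a length of 0 here; the request is still reported because any hit on the endpoint from outside the trusted range is flagged.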


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-14T15:42:18.331Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c7fa5eb8737bd57b2256dc

Added to database: 9/15/2025, 11:37:02 AM

Last enriched: 9/15/2025, 11:37:22 AM

Last updated: 9/15/2025, 12:34:17 PM
