CVE-2025-10773: Stack-based Buffer Overflow in B-Link BL-AC2100
A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. The issue affects the function delshrpath of the file /goform/set_delshrpath_cfg in the Web Management Interface component. Manipulating the argument Type results in a stack-based buffer overflow. The attack can be performed remotely. The exploit has been released to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10773 is a high-severity stack-based buffer overflow vulnerability affecting B-Link BL-AC2100 wireless routers running firmware versions 1.0.0 through 1.0.3. The flaw exists in the Web Management Interface component, specifically in the function delshrpath behind the /goform/set_delshrpath_cfg endpoint. It arises from improper handling of the 'Type' argument, which can be manipulated remotely, without authentication or user interaction, to trigger a stack-based buffer overflow. This overflow can lead to arbitrary code execution or denial of service on the affected device. Because the attack works over the network and requires no privileges or user interaction, the vulnerability is highly dangerous. The vendor was notified early but has issued no response or patch, and a public exploit has been released, which increases the risk of exploitation for users of the BL-AC2100. The CVSS v4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability that comes with potential remote code execution and system compromise.
Potential Impact
For European organizations, the exploitation of CVE-2025-10773 could have severe consequences. The BL-AC2100 is a wireless router commonly used in small to medium-sized enterprises and possibly in home office environments. Successful exploitation could allow attackers to gain full control over the device, enabling interception or manipulation of network traffic, lateral movement within corporate networks, and disruption of network services. This could lead to data breaches, loss of sensitive information, and operational downtime. Given the remote exploitability without authentication, attackers could target exposed management interfaces directly from the internet or through compromised internal hosts. The absence of a vendor patch means organizations must rely on network-level mitigations and device replacement, increasing operational costs and complexity. Additionally, the public availability of exploits raises the likelihood of opportunistic attacks, including ransomware campaigns or espionage activities targeting European businesses and critical infrastructure relying on these devices.
Mitigation Recommendations
1. Immediate network segmentation: Isolate BL-AC2100 devices from critical network segments and restrict access to their management interfaces using firewalls or access control lists (ACLs).
2. Disable remote management interfaces if not strictly necessary, or restrict access to trusted IP addresses only.
3. Monitor network traffic for unusual activity targeting the /goform/set_delshrpath_cfg endpoint or anomalous packets that could indicate exploitation attempts.
4. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts against this vulnerability.
5. Consider replacing affected BL-AC2100 devices with alternative hardware from vendors with active security support if patches remain unavailable.
6. Maintain strict network hygiene, including regular vulnerability scanning and asset inventory to identify all affected devices.
7. Implement strong network segmentation and zero-trust principles to limit the impact of any compromised device.
8. Stay alert for vendor updates or community patches and apply them promptly once available.
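One way to act on recommendations 2 and 3 is to triage HTTP logs from a proxy or sensor in front of the router. The sketch below is an added example, not code from the advisory or the vendor; the JSON log schema (`src`, `method`, `uri`, `body`), the trusted management subnet and the `MAX_TYPE_LEN` threshold are assumptions to adapt to your environment.

```python
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/set_delshrpath_cfg"                # endpoint named in the advisory
TRUSTED_MGMT = [ipaddress.ip_network("192.0.2.0/28")]  # assumption: admin subnet
MAX_TYPE_LEN = 32                                      # assumption: tune per site

def type_values(event):
    """Return every decoded Type value from the query string and form body."""
    values = []
    for blob in (urlsplit(event.get("uri", "")).query, event.get("body", "")):
        values += parse_qs(blob, keep_blank_values=True).get("Type", [])
    return values

def triage(line):
    """Return the findings for one JSON log line; an empty list means benign."""
    try:
        event = json.loads(line)
        src = ipaddress.ip_address(event["src"])
    except (ValueError, KeyError, TypeError):
        return ["unparseable"]  # keep malformed records visible instead of dropping them
    if urlsplit(event.get("uri", "")).path.rstrip("/") != ENDPOINT:
        return []
    findings = []
    if not any(src in net for net in TRUSTED_MGMT):
        findings.append("untrusted-source")   # recommendation 2: trusted IPs only
    if any(len(v) > MAX_TYPE_LEN for v in type_values(event)):
        findings.append("oversized-Type")     # recommendation 3: anomalous argument
    return findings

# Constructed sample records (hypothetical schema, documentation-range addresses).
SAMPLE_LOG = [
    json.dumps({"src": "192.0.2.5", "method": "POST", "uri": ENDPOINT, "body": "Type=1"}),
    json.dumps({"src": "198.51.100.77", "method": "POST", "uri": ENDPOINT, "body": "Type=1"}),
    json.dumps({"src": "192.0.2.9", "method": "POST", "uri": ENDPOINT,
                "body": "Type=" + "x" * 400}),
    json.dumps({"src": "203.0.113.8", "method": "GET",
                "uri": ENDPOINT + "?Type=" + "x" * 400, "body": ""}),
    json.dumps({"src": "198.51.100.77", "method": "GET", "uri": "/index.html", "body": ""}),
    "not-json",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line) or ["ok"], line[:80])
```

Any hit on the endpoint from outside the management subnet is worth an alert on its own, since the advisory states that no authentication is needed.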
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-21T08:26:43.760Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d09c63b68a0c387d43035c
Added to database: 9/22/2025, 12:46:27 AM
Last enriched: 10/1/2025, 12:14:57 AM
Last updated: 11/5/2025, 5:57:12 AM