CVE-2025-10803: Buffer Overflow in Tenda AC23
A vulnerability has been found in Tenda AC23 firmware up to 16.03.07.52. It affects the function sscanf in the file /goform/SetPptpServerCfg of the HTTP POST Request Handler component. Manipulating the argument startIp leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-10803 is a high-severity buffer overflow vulnerability affecting Tenda AC23 wireless router firmware versions up to 16.03.07.52. The vulnerability resides in the HTTP POST request handler component, specifically in the /goform/SetPptpServerCfg endpoint. The handler passes the attacker-controlled 'startIp' argument to sscanf without adequate bounds handling, so a crafted value can overflow the destination buffer. This overflow can lead to arbitrary code execution or denial of service. The vulnerability is remotely exploitable without user interaction or prior authentication, which increases its risk profile. The CVSS 4.0 base score is 8.7, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although exploitation has not yet been observed in the wild, the exploit code has been publicly disclosed, making it likely that attackers will develop weaponized payloads soon. The vulnerability affects a broad range of firmware versions, indicating that many deployed devices remain vulnerable. Because Tenda AC23 routers are commonly used in home and small office environments, exploitation could allow attackers to compromise network gateways, intercept or manipulate traffic, and pivot into internal networks.
Potential Impact
For European organizations, this vulnerability poses significant risks, especially for small and medium enterprises (SMEs) and home office users relying on Tenda AC23 routers for internet connectivity. Successful exploitation could lead to full compromise of the router, enabling attackers to intercept sensitive communications, inject malicious traffic, or establish persistent backdoors. This threatens confidentiality and integrity of organizational data and can disrupt availability of network services. In sectors with strict data protection regulations such as GDPR, a breach stemming from this vulnerability could result in regulatory penalties and reputational damage. Additionally, compromised routers could be leveraged as part of botnets or for lateral movement within corporate networks, amplifying the threat. The lack of authentication requirement and remote exploitability make it a critical risk for organizations with exposed management interfaces or insufficient network segmentation.
Mitigation Recommendations
Organizations should immediately identify and inventory Tenda AC23 devices within their networks and verify firmware versions. Since no official patches or updates are currently linked, mitigation should focus on reducing exposure:
- Disable remote management interfaces accessible from untrusted networks.
- Restrict access to the /goform/SetPptpServerCfg endpoint via firewall rules or router access control lists.
- Implement network segmentation to isolate vulnerable devices from critical assets.
- Monitor network traffic for unusual POST requests targeting the vulnerable endpoint.
- Consider replacing affected devices with models from vendors with timely security support.
Additionally, organizations should apply strict network perimeter controls and deploy intrusion detection/prevention systems configured to detect exploitation attempts targeting this vulnerability. Regularly check for vendor firmware updates and apply them promptly once available.
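The bounds check missing from the startIp handling described in the Technical Summary, reused as a predicate for the POST monitoring recommended above. This is an added example, not code from the advisory or from Tenda's firmware. The function names, the unsafe format string in the comment and its buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define IPV4_TEXT_MAX 15 /* strlen("255.255.255.255") */

/* Unsafe shape (hypothetical; the firmware's real format string is not on this page):
 *     char a[8], b[8], c[8], d[8];
 *     sscanf(startIp, "%[^.].%[^.].%[^.].%s", a, b, c, d);
 * With no field width, each conversion copies as many bytes as the client sent. */

/* Strict dotted-quad parse. Returns 0 and fills out[4] on success, -1 otherwise. */
int parse_start_ip(const char *s, unsigned char out[4])
{
    unsigned int o[4];
    int used = 0;
    size_t len = s ? strlen(s) : 0;
    if (len == 0 || len > IPV4_TEXT_MAX || strspn(s, "0123456789.") != len)
        return -1;
    /* %3u caps every field at three digits; %n reports how much input was consumed. */
    if (sscanf(s, "%3u.%3u.%3u.%3u%n", &o[0], &o[1], &o[2], &o[3], &used) != 4
        || (size_t)used != len)
        return -1;
    for (int i = 0; i < 4; i++) {
        if (o[i] > 255)
            return -1;
        out[i] = (unsigned char)o[i];
    }
    return 0;
}

/* Detection predicate for a form-encoded POST body sent to /goform/SetPptpServerCfg.
 * Returns 1 if startIp is a valid IPv4 literal, 0 if it is not (alert), -1 if absent. */
int check_post_body(const char *body)
{
    const char *p = body;
    while (p != NULL && *p != '\0') {
        const char *amp = strchr(p, '&');
        size_t plen = amp ? (size_t)(amp - p) : strlen(p);
        if (plen >= 8 && strncmp(p, "startIp=", 8) == 0) {
            char val[IPV4_TEXT_MAX + 1];
            unsigned char ip[4];
            size_t vlen = plen - 8;
            if (vlen > IPV4_TEXT_MAX)
                return 0; /* longer than any IPv4 literal: never copy it */
            memcpy(val, p + 8, vlen);
            val[vlen] = '\0';
            return parse_start_ip(val, ip) == 0;
        }
        p = amp ? amp + 1 : NULL;
    }
    return -1;
}
```

A return value of 0 from `check_post_body` is the condition worth alerting on: a legitimate client has no reason to send a startIp value that is not a plain IPv4 address.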
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-21T09:39:45.186Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d18657c1d31cc80230d173
Added to database: 9/22/2025, 5:24:39 PM
Last enriched: 9/22/2025, 5:25:00 PM
Last updated: 9/24/2025, 9:04:03 AM