CVE-2025-14665 is a stack-based buffer overflow vulnerability identified in the Tenda WH450 router firmware version 1.0.0.18. The vulnerability resides in the HTTP request handler component, specifically within the /goform/DhcpListClient endpoint. An attacker can manipulate the 'page' parameter in HTTP requests to overflow the stack buffer, potentially overwriting the return address or other control data on the stack. This can lead to arbitrary code execution on the device with the privileges of the HTTP handler process. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, making it highly dangerous. The CVSS v4.0 score of 9.3 reflects its critical severity, with attack vector being network-based, low attack complexity, and no privileges or user interaction needed. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could execute arbitrary commands, disrupt device operation, or pivot into internal networks. Although no confirmed exploits in the wild have been reported, public exploit code has been released, increasing the likelihood of active exploitation. The Tenda WH450 is typically used in small office and home office environments, which may lack robust security monitoring, increasing exposure. No official patches or mitigation guidance have been published yet, requiring organizations to implement interim protective measures. The vulnerability highlights the risks of embedded device firmware flaws and the importance of timely patching and network segmentation.

For European organizations, this vulnerability poses a significant risk, particularly for small and medium enterprises (SMEs) and home office users relying on Tenda WH450 routers. Successful exploitation could allow attackers to gain full control over the affected device, enabling interception or manipulation of network traffic, deployment of malware, or lateral movement into corporate networks. This threatens the confidentiality of sensitive data, the integrity of network communications, and the availability of network services. Critical infrastructure sectors using these devices for network connectivity could face operational disruptions or espionage risks. The lack of authentication and user interaction requirements means attackers can exploit this remotely and stealthily. Given the public availability of exploit code, the window for exploitation is wide open until patches are deployed. The impact is amplified in environments where these routers are directly exposed to the internet or insufficiently segmented from critical assets. European organizations must consider this vulnerability a high priority to avoid potential data breaches, service outages, or compromise of internal systems.

1. Immediately isolate Tenda WH450 devices from direct internet exposure by disabling remote management interfaces and restricting access to trusted internal networks only. 2. Implement strict network segmentation to separate these routers from critical infrastructure and sensitive data environments. 3. Monitor network traffic for unusual HTTP requests targeting the /goform/DhcpListClient endpoint, especially those manipulating the 'page' parameter. 4. Deploy intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. 5. Engage with Tenda support channels to obtain official patches or firmware updates addressing this vulnerability as soon as they become available. 6. Where possible, replace affected devices with alternative models that have verified security updates. 7. Educate IT staff and users about the risks and signs of exploitation to enable rapid incident response. 8. Conduct regular vulnerability assessments and penetration testing focusing on network edge devices. 9. Apply strict firewall rules to limit inbound traffic to management interfaces. 10. Maintain up-to-date asset inventories to quickly identify and remediate affected devices.