CVE-2025-14992 is a stack-based buffer overflow vulnerability identified in the Tenda AC18 router firmware version 15.03.05.05. The vulnerability exists in the HTTP request handler component, specifically in the /goform/GetParentControlInfo endpoint. The root cause is the unsafe use of the strcpy function to copy the 'mac' parameter without proper bounds checking, leading to a stack buffer overflow when a specially crafted input is sent. This overflow can overwrite the stack, allowing an attacker to execute arbitrary code remotely. The attack vector is network-based (AV:N), requires no user interaction (UI:N), and no authentication (AT:N), making it highly exploitable. The CVSS 4.0 vector indicates low attack complexity (AC:L) but requires low privileges (PR:L), suggesting that an attacker with limited access can exploit it. The vulnerability impacts confidentiality, integrity, and availability at a high level (VC:H, VI:H, VA:H). Although no exploits are currently observed in the wild, the public disclosure of exploit code increases the likelihood of attacks. The vulnerability affects only the specified firmware version, and no patch links are currently available, indicating that mitigation options may be limited to network controls or vendor updates once released. The flaw poses a significant risk to networks relying on Tenda AC18 routers, potentially enabling attackers to gain control over the device, intercept or manipulate traffic, or disrupt network services.

For European organizations, this vulnerability presents a significant risk due to the potential for remote code execution on network routers, which are critical infrastructure components. Successful exploitation could lead to full compromise of the affected router, enabling attackers to intercept sensitive communications, pivot into internal networks, deploy malware, or cause denial of service. This is particularly concerning for enterprises, government agencies, and critical infrastructure operators using Tenda AC18 devices. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the threat landscape. Additionally, the public availability of exploit code may lead to rapid weaponization by cybercriminals or state-sponsored actors. The impact extends beyond individual organizations to potentially affect supply chains and national security, especially in sectors relying on secure and stable network connectivity.

1. Immediate identification and inventory of all Tenda AC18 routers running firmware version 15.03.05.05 within the network. 2. Contact Tenda for official firmware updates or security patches addressing CVE-2025-14992; apply updates as soon as they become available. 3. Until patches are available, implement network-level protections such as firewall rules to block or restrict access to the /goform/GetParentControlInfo endpoint or the router's management interface from untrusted networks. 4. Employ network segmentation to isolate vulnerable devices from critical assets and limit lateral movement in case of compromise. 5. Monitor network traffic for unusual or malformed HTTP requests targeting the router's management endpoints. 6. Use intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting exploitation attempts targeting this vulnerability. 7. Educate IT and security teams about the vulnerability and ensure incident response plans include scenarios involving router compromise. 8. Consider temporary replacement or removal of vulnerable devices in high-risk environments if patching is delayed.