CVE-2025-29329 is a critical buffer overflow vulnerability found in the ippprint service of the Sagemcom F@st 3686 MAGYAR_4.121.0 router firmware. The ippprint service implements the Internet Printing Protocol (IPP), which allows networked printing capabilities. The vulnerability arises when the service processes a crafted HTTP request that exceeds expected buffer sizes, leading to memory corruption. This memory corruption can be exploited by a remote attacker to execute arbitrary code on the device without requiring authentication or user interaction. The flaw is significant because it allows full control over the affected device, potentially enabling attackers to pivot into internal networks, intercept or manipulate traffic, or disrupt printing services. Although no CVSS score is assigned and no public exploits are known, the nature of the vulnerability—remote code execution via network-exposed service—makes it highly dangerous. The lack of patch information suggests that mitigation may currently rely on network controls or vendor updates yet to be released. The vulnerability was reserved in March 2025 and published in January 2026, indicating recent discovery and disclosure. The affected product, Sagemcom F@st 3686, is a widely deployed router model in certain European markets, especially in Hungary and neighboring countries, often provided by ISPs to residential and small business customers. This increases the attack surface and potential impact on European organizations relying on these devices for network connectivity and printing services.

For European organizations, exploitation of CVE-2025-29329 could lead to full compromise of affected routers, enabling attackers to execute arbitrary code remotely. This can result in unauthorized access to internal networks, interception of sensitive data, disruption of printing services, and potential lateral movement to other critical systems. Organizations relying on the Sagemcom F@st 3686 routers, especially in sectors with high printing demands such as government, healthcare, and finance, may experience operational disruptions and data breaches. The vulnerability's remote and unauthenticated nature increases the risk of widespread exploitation if the devices are exposed to the internet or poorly segmented internal networks. Additionally, compromised routers can be used as footholds for launching further attacks or as part of botnets, amplifying the threat landscape. The absence of known exploits currently reduces immediate risk but also means organizations should proactively address the vulnerability before exploitation occurs. The impact is heightened in countries with significant deployment of this router model and where network printing is integral to business operations.

1. Immediate identification and inventory of all Sagemcom F@st 3686 MAGYAR_4.121.0 routers within the network to assess exposure. 2. Apply vendor-provided firmware updates as soon as they become available to patch the ippprint buffer overflow vulnerability. 3. In the absence of patches, restrict access to the ippprint service by implementing network segmentation, firewall rules, or access control lists to block external and unnecessary internal access to the affected service ports. 4. Disable the ippprint or Internet Printing Protocol service on the router if printing functionality is not required or can be provided via alternative means. 5. Monitor network traffic for unusual HTTP requests targeting the ippprint service, which may indicate exploitation attempts. 6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting malformed IPP requests or buffer overflow attempts. 7. Educate IT and security teams about this vulnerability to ensure rapid response and remediation. 8. Consider replacing affected devices with models that have a better security track record if vendor support is limited or delayed.