CVE-2025-44894: n/a

Critical
Published: Tue May 20 2025 (05/20/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function.

AI-Powered Analysis

Last updated: 07/06/2025, 05:26:58 UTC

Technical Analysis

CVE-2025-44894 is a critical stack overflow vulnerability identified in the firmware version FW-WGS-804HPT v1.305b241111. The flaw exists in the handling of the radDftParamKey parameter within the web_radiusSrv_dftParam_post function. A stack overflow occurs when the input to this parameter exceeds the buffer size allocated on the stack, leading to memory corruption. This vulnerability is classified under CWE-121, which pertains to stack-based buffer overflows. Exploiting this vulnerability requires no authentication or user interaction, and it can be triggered remotely over the network (AV:N). The vulnerability has a CVSS v3.1 base score of 9.8, indicating critical severity, with impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation could allow an attacker to execute arbitrary code, potentially taking full control of the affected device or causing denial of service. Although no known exploits are currently reported in the wild, the ease of exploitation and severity make this a high-risk vulnerability. The affected product appears to be a network device or appliance firmware, likely related to wireless or network gateway systems given the naming convention (FW-WGS-804HPT). The lack of vendor or product name limits precise identification, but the vulnerability's nature suggests it targets embedded network infrastructure devices that handle RADIUS server parameters via a web interface.

Potential Impact

For European organizations, this vulnerability poses a significant threat to network infrastructure security. Devices running the vulnerable firmware could be compromised remotely without authentication, allowing attackers to gain unauthorized access, disrupt network services, or pivot to internal networks. This could lead to data breaches, service outages, and loss of control over critical network components. Industries relying heavily on secure network access, such as telecommunications, finance, healthcare, and government agencies, are particularly at risk. The compromise of such devices could facilitate espionage, data exfiltration, or sabotage. Given the criticality and remote exploitability, the vulnerability could be leveraged in targeted attacks or widespread automated campaigns once exploit code becomes available. The lack of patches or vendor advisories at this time increases the urgency for organizations to implement compensating controls and monitoring.

Mitigation Recommendations

1. Immediate network segmentation: Isolate devices running the FW-WGS-804HPT firmware from critical network segments and restrict access to the management interfaces to trusted administrative hosts only.
2. Deploy strict firewall rules: Block inbound traffic to the vulnerable web interface port from untrusted networks, especially the internet.
3. Monitor network traffic: Implement anomaly detection to identify unusual requests targeting the radDftParamKey parameter or web_radiusSrv_dftParam_post function endpoints.
4. Vendor engagement: Contact the device vendor or supplier to obtain firmware updates or patches addressing this vulnerability. If unavailable, consider device replacement or firmware rollback to a non-vulnerable version if feasible.
5. Incident response readiness: Prepare for potential exploitation by enhancing logging on affected devices and network gateways, and establish rapid response procedures.
6. Access control hardening: Enforce strong authentication and authorization policies for device management interfaces to reduce attack surface.
7. Disable unnecessary services: If the web interface or RADIUS server functionality is not required, disable these services to eliminate the attack vector.
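
One way to implement the traffic monitoring in recommendation 3, as an added example that is not part of the original advisory or any vendor code: it inspects form-encoded request bodies (for instance from a reverse proxy in front of the management interface) and flags radDftParamKey values that are oversized after percent-decoding, repeated, or non-printable. The 64-byte ceiling, the `other` field and the sample bodies are assumptions constructed for illustration; the advisory does not state the real buffer size.

```python
from urllib.parse import parse_qsl

PARAM = "radDftParamKey"  # parameter name taken from the CVE description
MAX_LEN = 64  # ASSUMPTION: site-chosen ceiling, not the firmware's real buffer size


def inspect_body(body, max_len=MAX_LEN):
    """Return a list of findings for one application/x-www-form-urlencoded body."""
    # latin-1 maps every byte to one character, so len() below counts decoded bytes.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    values = [v for k, v in pairs if k == PARAM]
    findings = []
    if len(values) > 1:
        findings.append(f"{PARAM} repeated {len(values)} times")
    for v in values:
        if len(v) > max_len:
            findings.append(f"{PARAM} length {len(v)} exceeds {max_len}")
        if any(not 0x20 <= ord(c) <= 0x7E for c in v):
            findings.append(f"{PARAM} contains non-printable bytes")
    return findings


# Constructed request bodies (source address, body); not captured traffic.
SAMPLES = [
    ("192.0.2.10", b"radDftParamKey=s3cretKey&other=1"),
    ("203.0.113.9", b"radDftParamKey=" + b"A" * 600),
    ("203.0.113.9", b"radDftParamKey=" + b"%41" * 100),  # percent-encoded padding
    ("203.0.113.9", b"radDftParamKey=%41%00%ff"),
]


def scan(samples, max_len=MAX_LEN):
    """Return (source, finding) pairs for every body that trips a check."""
    return [(src, f) for src, body in samples for f in inspect_body(body, max_len)]


if __name__ == "__main__":
    for src, finding in scan(SAMPLES):
        print(src, finding)
```

Set the ceiling from the longest RADIUS key legitimately configured in your environment, and alert on any source outside the trusted administrative hosts that submits this parameter at all.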

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d6c76d4f2164cc92430cd

Added to database: 5/21/2025, 6:02:30 AM

Last enriched: 7/6/2025, 5:26:58 AM

Last updated: 8/10/2025, 10:31:53 PM
