CVE-2025-45042 is a critical command injection vulnerability identified in the Tenda AC9 router firmware version 15.03.05.14. This vulnerability exists within the Telnet service functionality of the device. Command injection (CWE-78) vulnerabilities allow an attacker to execute arbitrary commands on the underlying operating system with the privileges of the vulnerable service. In this case, the Telnet function does not properly sanitize user input, enabling remote attackers to inject and execute malicious commands without any authentication or user interaction. The CVSS 3.1 base score of 9.8 reflects the severity: the vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation could lead to full system compromise, allowing attackers to control the router, intercept or manipulate network traffic, pivot to internal networks, or deploy persistent malware. Although no known exploits are currently reported in the wild, the high severity and ease of exploitation make this a significant threat. The lack of available patches at the time of publication increases the urgency for mitigation. The vulnerability affects a widely used consumer-grade router model, which is often deployed in home and small office environments, potentially exposing numerous endpoints to compromise.

For European organizations, the impact of this vulnerability can be substantial. Many small and medium enterprises (SMEs) and home offices in Europe rely on consumer-grade routers like the Tenda AC9 due to cost-effectiveness and ease of deployment. A compromised router can lead to interception of sensitive communications, unauthorized access to internal networks, and disruption of business operations. Given the critical nature of the vulnerability, attackers could leverage it to establish persistent footholds, conduct espionage, or launch further attacks such as ransomware or data exfiltration. The impact extends beyond confidentiality breaches to include integrity and availability, potentially causing network outages or manipulation of traffic. This is particularly concerning for sectors with stringent data protection requirements under GDPR, as breaches could result in regulatory penalties and reputational damage. Additionally, the vulnerability could be exploited to create botnets or launch distributed denial-of-service (DDoS) attacks, affecting broader internet infrastructure within Europe.

Organizations and users should immediately assess their network environments for the presence of Tenda AC9 routers running firmware version 15.03.05.14. Since no official patches are currently available, the following specific mitigations are recommended: 1) Disable Telnet service on the router if it is not strictly necessary, as this is the attack vector. 2) If Telnet must be used, restrict access to trusted IP addresses only via firewall rules or router access control lists. 3) Replace the vulnerable router with a model from a vendor with a strong security track record and timely patching policies. 4) Monitor network traffic for unusual activity indicative of exploitation attempts, such as unexpected outbound connections or command execution patterns. 5) Implement network segmentation to isolate vulnerable devices from critical infrastructure. 6) Regularly check for firmware updates from Tenda and apply them promptly once available. 7) Educate users about the risks of using default or outdated network equipment and encourage secure configuration practices. These targeted steps go beyond generic advice by focusing on the specific vulnerable component (Telnet) and the device model involved.