CVE-2025-45429 is a critical stack overflow vulnerability identified in the Tenda AC9 v1.0 router firmware version V15.03.05.14_multi. The vulnerability exists in the /goform/WifiWpsStart endpoint, which is part of the router's web interface handling Wi-Fi Protected Setup (WPS) initiation. A stack overflow occurs when the input data exceeds the buffer capacity on the stack, potentially overwriting adjacent memory and enabling an attacker to execute arbitrary code remotely. This vulnerability does not require any authentication or user interaction, making it highly exploitable over the network. The CVSS v3.1 base score of 9.8 reflects the critical nature of this flaw, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact covers confidentiality, integrity, and availability, allowing full system compromise. Although no known exploits are currently reported in the wild, the vulnerability’s characteristics make it a prime candidate for exploitation by attackers aiming to gain persistent control over affected routers. The CWE-121 classification confirms this is a classic stack-based buffer overflow issue, a well-understood and dangerous vulnerability type. Given the router’s role as a network gateway device, successful exploitation could allow attackers to intercept, manipulate, or disrupt network traffic, launch further attacks on internal networks, or use the device as a foothold for broader compromise.

For European organizations, the exploitation of this vulnerability could lead to severe consequences. Compromised routers can serve as entry points for attackers to infiltrate corporate or home networks, potentially leading to data breaches, espionage, or disruption of critical services. The confidentiality of sensitive data transmitted through the network could be compromised, integrity of communications altered, and availability of network services disrupted. Small and medium enterprises (SMEs) and residential users relying on Tenda AC9 routers may be particularly vulnerable due to limited IT security resources and delayed patching. Additionally, sectors with high reliance on secure communications such as finance, healthcare, and critical infrastructure could face increased risks if these routers are deployed within their environments. The lack of authentication and user interaction requirements means that attackers can exploit the vulnerability remotely and silently, increasing the risk of widespread compromise before detection. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the critical severity score indicates that rapid response is necessary to prevent potential attacks.

1. Immediate firmware update: Although no patch links are currently available, organizations and users should monitor Tenda’s official channels for firmware updates addressing this vulnerability and apply them promptly. 2. Network segmentation: Isolate vulnerable routers from critical network segments to limit potential lateral movement by attackers. 3. Disable WPS: If possible, disable the WPS feature on affected routers to reduce the attack surface, as the vulnerability is triggered via the WifiWpsStart endpoint. 4. Access control: Restrict access to the router’s management interface to trusted IP addresses or internal networks only, using firewall rules or router configuration settings. 5. Network monitoring: Deploy intrusion detection/prevention systems (IDS/IPS) to monitor for suspicious activity targeting the /goform/WifiWpsStart endpoint or unusual traffic patterns indicative of exploitation attempts. 6. Replace legacy devices: Consider replacing Tenda AC9 routers with models from vendors with strong security track records and active patch management if timely updates are unavailable. 7. User awareness: Educate users about the risks of using vulnerable routers and encourage prompt reporting of unusual network behavior. These measures combined can significantly reduce the risk of exploitation until an official patch is released and deployed.