CVE-2025-45513 is a critical stack overflow vulnerability identified in the Tenda FH451 router firmware version 1.0.0.9. The vulnerability resides in the function P2pListFilter, which is likely involved in processing peer-to-peer network filtering or device discovery features. A stack overflow occurs when more data is written to a buffer located on the stack than it can hold, which can overwrite adjacent memory and lead to arbitrary code execution, denial of service, or system compromise. Given the CVSS 3.1 base score of 9.8, this vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making it highly dangerous. The impact includes full confidentiality, integrity, and availability compromise (C:H/I:H/A:H). The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and severe class of memory corruption bugs. Although no known exploits are reported in the wild yet, the ease of exploitation and critical impact make this a high-priority issue. The lack of vendor or product details beyond the Tenda FH451 model and firmware version suggests limited public information, but the vulnerability's nature implies that attackers could execute arbitrary code remotely, potentially taking full control of affected devices. This could allow attackers to intercept or manipulate network traffic, pivot into internal networks, or disrupt network availability.

For European organizations, the impact of this vulnerability could be significant, especially for those using Tenda FH451 routers in their network infrastructure. Compromise of these devices could lead to unauthorized access to sensitive internal networks, interception of confidential communications, and disruption of business operations due to denial of service or device takeover. Small and medium enterprises (SMEs) and home offices, which often rely on consumer-grade routers like Tenda, are particularly at risk. Critical sectors such as finance, healthcare, and government agencies could face data breaches or operational disruptions if these devices are present in their network perimeter. Additionally, compromised routers could be leveraged as entry points for broader attacks or as part of botnets for distributed denial of service (DDoS) campaigns targeting European infrastructure. Given the remote and unauthenticated nature of the exploit, attackers can launch attacks at scale without requiring user interaction, increasing the threat surface.

1. Immediate identification and inventory of all Tenda FH451 routers within the organization’s network is essential. 2. Since no patch links are currently available, organizations should monitor Tenda’s official channels and trusted vulnerability databases for firmware updates addressing this vulnerability. 3. In the interim, restrict network exposure of affected devices by limiting remote management access and isolating these routers from critical network segments. 4. Employ network intrusion detection systems (NIDS) to monitor for anomalous traffic patterns or exploitation attempts targeting the P2pListFilter function or related services. 5. Implement strict firewall rules to block unsolicited inbound traffic to router management interfaces. 6. Consider replacing vulnerable devices with models from vendors with a strong security track record if patches are delayed. 7. Educate IT staff about the vulnerability and ensure incident response plans include steps to handle potential exploitation. 8. Regularly review router logs for signs of compromise and conduct penetration testing focused on router security.