CVE-2025-45779: n/a
Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
AI Analysis
Technical Summary
CVE-2025-45779 is a critical buffer overflow vulnerability affecting the Tenda AC10 router running firmware version V1.0re_V15.03.06.46. The vulnerability exists in the formSetPPTPUserList handler, specifically via the 'list' POST parameter. Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. This can lead to arbitrary code execution, denial of service, or system compromise. In this case, the vulnerability allows an unauthenticated remote attacker to send a specially crafted POST request to the router's web interface, exploiting the buffer overflow to execute arbitrary code with the privileges of the affected service. The CVSS v3.1 score is 9.8 (critical), reflecting the vulnerability's high impact on confidentiality, integrity, and availability, combined with its ease of exploitation (network attack vector, no privileges or user interaction required). The vulnerability is classified under CWE-120 (Classic Buffer Overflow). No patches or mitigations have been published yet, and no known exploits are currently reported in the wild. However, given the critical severity and the nature of the vulnerability, exploitation could lead to full compromise of the router, allowing attackers to intercept, modify, or disrupt network traffic, pivot to internal networks, or launch further attacks on connected devices.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on Tenda AC10 routers in their network infrastructure. Compromise of these routers could lead to interception of sensitive communications, unauthorized access to internal networks, and disruption of business operations. Small and medium enterprises (SMEs) and home office environments that use consumer-grade routers like the Tenda AC10 are particularly vulnerable due to typically weaker network segmentation and security monitoring. Critical infrastructure sectors that depend on reliable network connectivity could face operational disruptions if routers are exploited. Additionally, the lack of authentication requirement and the network-based attack vector mean that attackers can exploit this vulnerability remotely without prior access, increasing the threat surface. The potential for attackers to execute arbitrary code could also enable persistent backdoors, data exfiltration, or use of compromised routers as launch points for further attacks within European networks.
Mitigation Recommendations
Given the absence of an official patch, European organizations should take immediate steps to mitigate risk. First, identify and inventory all Tenda AC10 routers running the vulnerable firmware version. Where possible, isolate these devices from untrusted networks and restrict management interfaces to trusted IP addresses only. Disable PPTP VPN services if not required, as the vulnerability resides in the PPTP user list handler. Employ network-level protections such as intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious POST requests targeting the router's web interface. Consider replacing vulnerable devices with more secure alternatives or updated firmware once available. Regularly monitor vendor communications for patches or advisories. Additionally, implement network segmentation to limit the impact of a compromised router and enforce strong network access controls. Educate users about the risks of using outdated or vulnerable network equipment and encourage timely updates.
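The monitoring and management-restriction steps above, sketched as detection logic over captured HTTP requests. This is an added example, not part of the original advisory or any vendor tooling. The URL path, the handler token matched in it, the trusted management subnet, the length threshold and the sample records are all constructed assumptions to be replaced with values from your own environment.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the advisory: how the handler name appears in the URL,
# the trusted management subnet, and the alerting threshold for `list`.
HANDLER_TOKEN = "setpptpuserlist"
TRUSTED_MGMT = [ipaddress.ip_network("192.0.2.0/28")]
MAX_LIST_LEN = 256

def _req(method, path, body=""):
    return f"{method} {path} HTTP/1.1\r\nHost: router.example\r\n\r\n{body}"

# Constructed sensor records: (source IP, raw HTTP request).
SAMPLES = [
    ("192.0.2.5", _req("POST", "/mgmt/formSetPPTPUserList", "list=user1,secret,1")),
    ("203.0.113.77", _req("POST", "/mgmt/formSetPPTPUserList", "list=" + "A" * 1000)),
    ("192.0.2.5", _req("POST", "/mgmt/formSetPPTPUserList", "x=1&list=" + "B" * 300)),
    ("203.0.113.77", _req("GET", "/index.html")),
]

def assess(src_ip, raw):
    """Return findings for one request; empty list means nothing to report."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        return []  # not a well-formed request line
    method, target, _version = parts
    if method.upper() != "POST" or HANDLER_TOKEN not in urlsplit(target).path.lower():
        return []  # not a request to the PPTP user list handler
    findings = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in TRUSTED_MGMT):
        findings.append("untrusted-source")
    values = parse_qs(body, keep_blank_values=True).get("list", [])
    longest = max((len(v) for v in values), default=0)
    if longest > MAX_LIST_LEN:
        findings.append(f"oversized-list:{longest}")
    return findings

def scan(records):
    """Return (source IP, findings) for every record that produced findings."""
    return [(ip, f) for ip, raw in records if (f := assess(ip, raw))]

if __name__ == "__main__":
    for ip, findings in scan(SAMPLES):
        print(ip, ", ".join(findings))
```

An oversized `list` value from a trusted address is still reported, since a trusted management host can itself be compromised or misused.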
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9816c4522896dcbd67ea
Added to database: 5/21/2025, 9:08:38 AM
Last enriched: 7/12/2025, 2:33:40 AM
Last updated: 7/29/2025, 2:51:42 AM