CVE-2025-45841 is a medium-severity vulnerability identified in the TOTOLINK NR1800X router firmware version 9.1.0u.6681_B20230703. The flaw is an authenticated stack overflow occurring in the setSmsCfg function, specifically via the 'text' parameter. A stack overflow vulnerability arises when a program writes more data to a buffer located on the stack than it can hold, potentially overwriting adjacent memory. This can lead to unpredictable behavior, including crashes or execution of arbitrary code. In this case, the vulnerability requires authentication, meaning an attacker must have valid credentials to access the affected function. The CVSS 3.1 base score is 6.5, indicating a medium severity level, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. This means the attack can be performed remotely over the network with low attack complexity, no privileges required (though the description states authentication is needed, which may indicate a discrepancy or that authentication is minimal or bypassable), no user interaction, and impacts confidentiality and integrity to a limited extent but does not affect availability. The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow), a common and dangerous class of vulnerabilities. No known exploits are currently reported in the wild, and no patches or vendor advisories are linked yet. The TOTOLINK NR1800X is a consumer-grade Wi-Fi 6 router, often used in home and small office environments. The setSmsCfg function suggests the device supports SMS configuration or management, possibly for remote management or notifications, which could be an attack vector for an authenticated user to exploit this overflow to escalate privileges or execute arbitrary code on the device.

For European organizations, the impact of this vulnerability depends largely on the deployment of TOTOLINK NR1800X routers within their networks. While primarily a consumer or small office device, some small businesses or branch offices may use this router model. Exploitation could allow an attacker with valid credentials to execute arbitrary code or manipulate router configurations, potentially leading to interception or redirection of network traffic, leakage of sensitive information, or disruption of network services. The limited confidentiality and integrity impact indicated by the CVSS suggests that while full system compromise is less likely, attackers could still gain footholds for lateral movement or persistent access. Given the router’s role as a network gateway, compromise could undermine perimeter security, enabling further attacks against internal systems. For larger enterprises and critical infrastructure in Europe, the direct impact may be limited unless these devices are present in their environments. However, the vulnerability highlights risks in supply chain and endpoint security, emphasizing the need for vigilance in device management and firmware updates.

1. Immediate mitigation should include restricting access to the router’s management interface to trusted networks and users only, minimizing the attack surface. 2. Enforce strong authentication mechanisms and change default credentials to prevent unauthorized access. 3. Monitor network traffic and device logs for unusual activity related to SMS configuration or management functions. 4. Since no patch is currently available, consider isolating affected devices from critical network segments until a vendor update is released. 5. Engage with TOTOLINK or authorized distributors to obtain firmware updates or security advisories addressing this vulnerability. 6. Implement network segmentation to limit the impact of any potential compromise of these devices. 7. Conduct regular vulnerability assessments and penetration testing focusing on network devices to identify similar issues proactively. 8. Educate users and administrators about the risks of authenticated vulnerabilities and the importance of credential security.