CVE-2025-45845 is a high-severity vulnerability identified in the TOTOLINK NR1800X router firmware version 9.1.0u.6681_B20230703. The flaw is an authenticated stack overflow triggered via the 'ssid5g' parameter within the setWiFiEasyGuestCfg function. This vulnerability falls under CWE-121, which corresponds to a classic stack-based buffer overflow. Exploitation requires an attacker to have authenticated access to the device, meaning they must already have some level of legitimate access, such as through valid credentials or an authenticated session. Once exploited, the attacker can cause arbitrary code execution with the privileges of the affected process, potentially leading to full compromise of the router's firmware. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and no user interaction required. The vulnerability allows an attacker to overwrite the stack memory by sending a specially crafted value to the ssid5g parameter, which is used to configure the 5 GHz SSID for the guest WiFi network. This can lead to memory corruption, enabling execution of malicious payloads or causing denial of service. No public exploits are known at this time, and no patches have been linked yet. However, the presence of this vulnerability in a widely deployed consumer and small business router model poses a significant risk, especially if attackers gain authenticated access through weak or default credentials or other means. The vulnerability's exploitation could allow attackers to intercept or manipulate network traffic, pivot into internal networks, or disrupt network availability.

For European organizations, especially small and medium enterprises (SMEs) and home office environments relying on TOTOLINK NR1800X routers, this vulnerability presents a critical risk. Compromise of the router can lead to interception of sensitive communications, unauthorized network access, and potential lateral movement into corporate networks. Given the router’s role as a network gateway, attackers could manipulate DNS settings, redirect traffic, or deploy malware within the internal network. This can result in data breaches, loss of confidentiality, and disruption of business operations. The high severity and ease of exploitation (once authenticated) mean that organizations with weak router credential management or exposed management interfaces are particularly vulnerable. Additionally, the lack of a patch increases the window of exposure. The impact extends to availability as successful exploitation can cause device crashes or reboots, disrupting internet connectivity. For organizations in regulated sectors such as finance, healthcare, or critical infrastructure within Europe, this vulnerability could lead to compliance violations and significant operational risks.

1. Immediately audit and strengthen authentication mechanisms on TOTOLINK NR1800X routers: change default credentials, enforce strong passwords, and disable remote management interfaces if not required. 2. Restrict administrative access to the router to trusted internal networks only, using network segmentation and access control lists. 3. Monitor router logs for unusual configuration changes or repeated failed authentication attempts that could indicate exploitation attempts. 4. Until a vendor patch is released, consider temporarily disabling the guest WiFi 5 GHz network or the setWiFiEasyGuestCfg functionality if possible to reduce attack surface. 5. Employ network intrusion detection systems (NIDS) to detect anomalous traffic patterns or exploitation attempts targeting the router. 6. Keep firmware updated and subscribe to vendor security advisories to apply patches promptly once available. 7. Educate users and administrators on the risks of using default credentials and the importance of secure router configuration. 8. For critical environments, consider replacing affected devices with models from vendors with active security support and patch management.