CVE-2025-4810 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC7 router firmware version 15.03.06.44. The flaw resides in the function formSetRebootTimer within the /goform/SetRebootTimer endpoint. Specifically, the vulnerability arises from improper handling of the reboot_time argument, which can be manipulated by an attacker to overflow the stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, making it highly dangerous. The CVSS v4.0 score of 8.7 reflects the high severity, with metrics indicating network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no public exploit is currently known to be actively used in the wild, the exploit code has been disclosed publicly, increasing the risk of imminent attacks. The vulnerability affects only the specified firmware version 15.03.06.44 of the Tenda AC7 router, a consumer-grade networking device commonly used for home and small office internet connectivity. The lack of an official patch link suggests that a fix may not yet be available, emphasizing the urgency for mitigation.

For European organizations, this vulnerability poses a significant risk, especially for small businesses and home office setups relying on Tenda AC7 routers. Successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, and potentially pivot to internal networks, compromising sensitive data and disrupting operations. The high impact on confidentiality, integrity, and availability means that data breaches, network outages, and persistent unauthorized access are plausible consequences. Given the remote exploitability without authentication, attackers can launch attacks from anywhere, increasing the threat surface. Critical infrastructure or organizations with less mature network security practices that use these routers as part of their network perimeter are particularly vulnerable. Additionally, the public disclosure of exploit code increases the likelihood of automated attacks targeting vulnerable devices across Europe.

Immediate mitigation steps include isolating Tenda AC7 routers running firmware version 15.03.06.44 from untrusted networks and restricting access to the /goform/SetRebootTimer endpoint via firewall rules or network segmentation. Network administrators should monitor router logs for suspicious requests targeting the reboot_time parameter. Since no official patch is currently available, organizations should consider temporary replacement of affected devices with alternative hardware or downgrade to a known secure firmware version if feasible. Enabling network-level intrusion detection systems (IDS) to detect buffer overflow attempts and blocking suspicious traffic patterns can reduce risk. Users should subscribe to Tenda’s security advisories for updates and apply firmware patches immediately upon release. Additionally, disabling remote management features on these routers can reduce exposure. Regular network scans to identify vulnerable devices and prompt remediation are recommended.