CVE-2025-5080 is a critical security vulnerability identified in the Tenda FH451 router, specifically version 1.0.0.9. The flaw exists in the function webExcptypemanFilter located in the /goform/webExcptypemanFilter endpoint. The vulnerability arises from improper handling of the 'page' argument, which leads to a stack-based buffer overflow. This type of vulnerability allows an attacker to overwrite the stack memory, potentially enabling arbitrary code execution or causing a denial of service. The vulnerability is remotely exploitable without requiring user interaction or authentication, making it highly dangerous. The CVSS 4.0 base score is 8.7, indicating a high severity level. The vector details show that the attack can be launched over the network (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) or user interaction (UI:N), and results in high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). Although no public exploits are currently known in the wild, the exploit code has been disclosed publicly, increasing the risk of exploitation. The vulnerability affects only the specific firmware version 1.0.0.9 of the Tenda FH451 device, which is a consumer-grade router commonly used in home and small office environments. The lack of available patches at the time of disclosure increases the urgency for mitigation and risk management.

For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises (SMEs) and home office setups relying on Tenda FH451 routers for internet connectivity. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to full compromise of the device. This could result in interception or manipulation of network traffic, lateral movement within internal networks, data exfiltration, or disruption of internet access. Critical infrastructure or organizations with remote workers using vulnerable devices are at heightened risk. The high impact on confidentiality, integrity, and availability means sensitive data could be exposed or altered, and network availability could be compromised. Additionally, the public disclosure of exploit code increases the likelihood of opportunistic attacks targeting unpatched devices across Europe.

Given the absence of an official patch at the time of disclosure, European organizations should take immediate steps to mitigate risk. First, identify and inventory all Tenda FH451 devices running firmware version 1.0.0.9 within the network. Where possible, isolate these devices from critical network segments or restrict remote management access to trusted IP addresses only. Employ network-level protections such as firewall rules to block access to the /goform/webExcptypemanFilter endpoint or the router's management interface from untrusted networks. Monitor network traffic for unusual activity indicative of exploitation attempts. Encourage users to update the router firmware as soon as a vendor patch becomes available. If firmware updates are delayed, consider replacing vulnerable devices with alternative models from vendors with timely security support. Additionally, implement network segmentation and use VPNs for remote access to reduce exposure. Regularly review vendor communications for patch releases and advisories.