
CVE-2025-55606: n/a

Severity: Critical
Type: Vulnerability
Tags: cve, cve-2025-55606
Published: Fri Aug 22 2025 (08/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.

AI-Powered Analysis

Last updated: 08/30/2025, 01:00:48 UTC

Technical Analysis

CVE-2025-55606 is a critical buffer overflow vulnerability identified in the Tenda AX3 router firmware version V16.03.12.10_CN. The flaw exists in the fromAdvSetMacMtuWan function, specifically triggered via the serverName parameter. Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. This can lead to arbitrary code execution, denial of service, or system compromise. In this case, the vulnerability is remotely exploitable without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability affects the confidentiality, integrity, and availability of the device, with a CVSS score of 9.8 (critical). The CWE classification is CWE-120, which corresponds to classic buffer overflow issues. Although no known exploits are currently reported in the wild, the severity and ease of exploitation make this a significant risk. The affected firmware version is specific to the Chinese market (noted by the _CN suffix), but the Tenda AX3 model is sold internationally, including Europe. The lack of available patches at the time of publication increases the urgency for mitigation. Attackers exploiting this vulnerability could gain control over the router, intercept or manipulate network traffic, or disrupt network availability.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for those using Tenda AX3 routers in their network infrastructure. Compromise of these routers could lead to unauthorized access to internal networks, interception of sensitive data, and disruption of business operations. Given the router's role as a gateway device, exploitation could facilitate lateral movement within corporate networks or enable man-in-the-middle attacks. Small and medium enterprises (SMEs) and home offices using this router model are particularly vulnerable due to potentially less rigorous network security controls. The critical severity and remote exploitability mean attackers can compromise devices without user interaction, increasing the likelihood of automated attacks. Additionally, the absence of patches could lead to increased scanning and exploitation attempts. The impact extends to confidentiality (data interception), integrity (traffic manipulation), and availability (denial of service or device crash).

Mitigation Recommendations

1. Immediate mitigation should include isolating affected Tenda AX3 routers from critical network segments to limit potential damage.
2. Network administrators should monitor network traffic for unusual patterns or signs of compromise, such as unexpected connections or device reboots.
3. Employ network segmentation and firewall rules to restrict access to router management interfaces, especially from untrusted networks.
4. Disable remote management features if not required.
5. Regularly check for firmware updates from Tenda and apply patches promptly once available.
6. As a temporary workaround, if possible, restrict or sanitize inputs to the serverName parameter via network-level controls or router configuration.
7. Consider replacing vulnerable devices with alternative models from vendors with timely security support if patches are delayed.
8. Educate users and IT staff about the risks and signs of router compromise.
9. Implement intrusion detection/prevention systems (IDS/IPS) that can detect exploitation attempts targeting this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-13T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68a8982fad5a09ad00203a7b

Added to database: 8/22/2025, 4:17:51 PM

Last enriched: 8/30/2025, 1:00:48 AM

Last updated: 10/7/2025, 1:50:00 PM
