CVE-2025-57072 is a stack overflow vulnerability identified in the Tenda G3 router firmware version 3.0br_V15.11.0.17. The flaw resides in the handling of the staticRouteGateway parameter within the formSetStaticRoute function. Specifically, the vulnerability occurs when an attacker sends a crafted request that manipulates the staticRouteGateway parameter, causing a stack overflow condition. This type of memory corruption can lead to a Denial of Service (DoS) by crashing the device or causing it to become unresponsive. The vulnerability does not appear to allow for remote code execution or privilege escalation based on the available information, but the DoS impact alone can disrupt network connectivity. No CVSS score has been assigned yet, and no known exploits have been reported in the wild. The vulnerability affects a specific firmware version of the Tenda G3 router, a consumer-grade networking device commonly used for home and small office internet access. The lack of patch information suggests that a fix may not yet be available, increasing the urgency for affected users to apply any forthcoming updates or implement mitigations. The vulnerability requires an attacker to send a specially crafted request to the router’s management interface, which may be accessible remotely if the device is misconfigured or exposed to the internet. This increases the attack surface, especially for devices with default or weak security settings.

For European organizations, the impact of this vulnerability primarily concerns network availability and operational continuity. Tenda routers are widely used in residential and small business environments across Europe, meaning that compromised devices could disrupt internet access and internal network routing. This could lead to productivity losses, interruption of business-critical communications, and potential cascading effects on connected systems reliant on stable network infrastructure. While the vulnerability does not currently indicate data breach risks or integrity compromise, the denial of service could be exploited as part of a larger attack campaign targeting network infrastructure. Organizations relying on Tenda G3 routers without proper network segmentation or exposure controls may face increased risk. Additionally, service providers or managed service providers (MSPs) using these devices in customer premises equipment (CPE) roles could see customer impact and reputational damage if devices become non-functional due to exploitation.

1. Immediate network segmentation: Isolate Tenda G3 routers from critical infrastructure and sensitive networks to limit the impact of any potential DoS. 2. Restrict management interface access: Ensure that the router’s management interface is not exposed to the public internet. Use firewall rules or VPNs to limit access only to trusted administrators. 3. Monitor network traffic for anomalous requests targeting staticRouteGateway parameters or unusual management interface activity. 4. Apply firmware updates promptly once a patch is released by Tenda. Regularly check vendor advisories for updates related to this vulnerability. 5. Employ network-level DoS protection mechanisms such as rate limiting or intrusion prevention systems (IPS) to detect and block malformed requests. 6. Educate users and administrators about the risks of default credentials and encourage strong password policies to reduce the risk of unauthorized access. 7. Consider replacing vulnerable devices with alternative hardware if patches are delayed or unavailable, especially in critical environments.