CVE-2025-5799 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC8 router firmware version 16.03.34.09. The vulnerability exists in the function fromSetWirelessRepeat within the /goform/WifiExtraSet endpoint. Specifically, the issue arises from improper handling of the 'wpapsk_crypto' argument, which can be manipulated by an attacker to overflow a stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, making it highly dangerous. The CVSS 4.0 base score is 8.7 (high severity), reflecting the ease of exploitation (network attack vector, low complexity), no privileges or user interaction needed, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently known to be actively used in the wild, the exploit code has been disclosed publicly, increasing the risk of imminent exploitation. The vulnerability affects a widely deployed consumer-grade router model, which is often used in home and small office environments, potentially exposing a large attack surface. The lack of an official patch or mitigation guidance from the vendor at the time of disclosure further exacerbates the risk.

For European organizations, especially small and medium enterprises (SMEs) and residential users relying on Tenda AC8 routers, this vulnerability poses a significant threat. Successful exploitation could allow attackers to gain unauthorized control over the router, enabling interception or manipulation of network traffic, deployment of malware, or pivoting into internal networks. This could lead to data breaches, disruption of business operations, and compromise of sensitive information. Given the router’s role as a network gateway, attackers could also launch further attacks against connected devices. The vulnerability’s remote exploitability without authentication means attackers can scan and target vulnerable devices en masse, increasing the likelihood of widespread impact. Additionally, critical infrastructure or organizations with remote sites using these routers may face operational disruptions. The absence of patches means organizations must rely on network-level mitigations, which may not be fully effective. The impact on confidentiality, integrity, and availability is high, potentially affecting compliance with European data protection regulations such as GDPR if personal data is compromised.

Immediate mitigation steps include isolating affected Tenda AC8 devices from critical networks and the internet where possible. Network administrators should implement strict firewall rules to block inbound traffic to the router’s management interfaces, especially the /goform/WifiExtraSet endpoint, if accessible externally. Deploy network intrusion detection/prevention systems (IDS/IPS) with signatures targeting this vulnerability or anomalous traffic patterns related to 'wpapsk_crypto' parameter manipulation. Organizations should monitor network traffic for unusual activity and scan their networks to identify devices running the vulnerable firmware version. Until an official patch is released, consider replacing vulnerable devices with models from vendors with timely security updates. Vendors and users should subscribe to security advisories for updates. Additionally, disabling remote management features on the router can reduce exposure. Regularly backing up router configurations and maintaining an inventory of network devices will aid in rapid response. Educating users about the risks and signs of compromise can also help in early detection.