CVE-2025-5978 is a critical security vulnerability identified in the Tenda FH1202 router, specifically version 1.2.0.14. The flaw exists in the fromVirtualSer function within the /goform/VirtualSer endpoint. This vulnerability is a stack-based buffer overflow caused by improper handling of the 'page' argument, which can be manipulated by an attacker. Because the vulnerability is remotely exploitable without requiring user interaction or elevated privileges, an attacker can send specially crafted requests to the affected router to trigger the overflow. This can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The CVSS 4.0 score of 8.7 (high severity) reflects the ease of exploitation (network attack vector, low complexity, no privileges or user interaction needed) and the significant impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of active exploitation. The vulnerability affects a widely deployed consumer-grade router model, which is often used in home and small office environments. The lack of an official patch or mitigation from the vendor at the time of disclosure further exacerbates the risk. Attackers exploiting this vulnerability could gain control over the device, intercept or manipulate network traffic, or disrupt network connectivity.

For European organizations, the impact of this vulnerability can be substantial, especially for small and medium enterprises (SMEs) and remote workers relying on Tenda FH1202 routers for internet connectivity. Compromise of these routers could lead to unauthorized access to internal networks, interception of sensitive data, and disruption of business operations through denial of service. Given the router's role as a network gateway, successful exploitation could also serve as a foothold for lateral movement within corporate networks or as a launchpad for broader attacks. The confidentiality of communications could be severely impacted, and the integrity of transmitted data compromised. Additionally, availability issues caused by device crashes or reboots could interrupt critical business functions. The risk extends to home offices supporting European businesses, where such devices are commonly used without stringent security controls. The public availability of exploit code increases the likelihood of opportunistic attacks targeting vulnerable devices across Europe.

Organizations and individuals using the Tenda FH1202 version 1.2.0.14 should immediately assess their exposure to this vulnerability. Since no official patch is currently available, the following specific mitigations are recommended: 1) Disable remote management interfaces on the router to prevent external exploitation; 2) Restrict access to the router's administrative interface to trusted internal IP addresses only; 3) Monitor network traffic for unusual requests targeting the /goform/VirtualSer endpoint; 4) Replace or upgrade affected devices to models with updated firmware that addresses this vulnerability as soon as a patch is released; 5) Employ network segmentation to isolate vulnerable devices from critical infrastructure; 6) Use intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability once available; 7) Educate users about the risks of using outdated router firmware and encourage regular updates; 8) Consider deploying additional endpoint security controls to detect anomalous behavior resulting from router compromise.