The vulnerability identified as CVE-2025-60337 affects the Tenda AC6 V2.0 router firmware version 15.03.06.50. It arises from a buffer overflow condition in the speed_dir parameter within the SetSpeedWan function. Buffer overflow vulnerabilities occur when input data exceeds the allocated buffer size, overwriting adjacent memory and potentially causing unpredictable behavior. In this case, an attacker can craft a malicious input to the speed_dir parameter that triggers the overflow, leading to a Denial of Service (DoS) by crashing or destabilizing the router's firmware. This disrupts the router's ability to manage WAN speed settings, effectively impacting network availability for connected users. The vulnerability does not require authentication, meaning an attacker can exploit it remotely if the affected service is exposed. No known exploits have been reported in the wild yet, and no official patch or CVSS score has been published. However, the nature of the vulnerability and its impact on network availability make it a significant concern. The lack of a patch means that affected users must rely on network-level mitigations or device isolation to prevent exploitation. The Tenda AC6 is a popular SOHO router model, often deployed in small businesses and residential environments, which may lack robust security monitoring, increasing the risk of unnoticed exploitation attempts.

For European organizations, especially small and medium enterprises (SMEs) and residential users relying on Tenda AC6 routers, this vulnerability poses a risk of network disruption through Denial of Service attacks. Such outages can interrupt business operations, degrade productivity, and impact services dependent on stable internet connectivity. Critical infrastructure or teleworking setups using these routers could experience connectivity loss, affecting remote work and communication. The vulnerability's ease of exploitation without authentication increases the attack surface, particularly if the device's management interface or WAN port is exposed to untrusted networks. While no data confidentiality or integrity compromise is indicated, the availability impact alone can have cascading effects on business continuity. Organizations with limited IT resources may find it challenging to detect or respond to exploitation attempts promptly. The absence of a patch at this time necessitates proactive mitigation to reduce exposure.

1. Monitor vendor communications closely for firmware updates addressing this vulnerability and apply patches immediately upon release. 2. Restrict access to router management interfaces by disabling remote WAN-side management and limiting access to trusted internal networks only. 3. Implement network segmentation to isolate vulnerable routers from critical systems and sensitive data. 4. Deploy intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect anomalous traffic targeting the speed_dir parameter or unusual WAN speed configuration requests. 5. Use firewall rules to block unsolicited inbound traffic to the router's management ports from untrusted networks. 6. Regularly audit network devices for firmware versions and replace outdated or unsupported hardware where feasible. 7. Educate users about the risks of exposing network devices to the internet and encourage secure configuration practices. 8. Consider temporary network-level mitigations such as rate limiting or traffic filtering until a patch is available.