CVE-2025-60338 is a stack overflow vulnerability identified in the Tenda AC6 V2.0 router firmware version 15.03.06.50. The flaw resides in the DhcpListClient function, specifically in the handling of the 'page' parameter. An attacker can send specially crafted input to this parameter, causing a stack overflow condition. This overflow can lead to a Denial of Service (DoS) by crashing or rebooting the device, disrupting network availability. The vulnerability does not require authentication, meaning an attacker with network access to the router's management interface can exploit it remotely. No known exploits have been reported in the wild, and no official patches or mitigations have been released at the time of publication. The lack of a CVSS score indicates this is a newly disclosed vulnerability, but the technical details suggest a significant risk to network stability. The affected device, Tenda AC6, is a popular consumer-grade Wi-Fi 6 router commonly used in home and small office environments. The vulnerability's exploitation could interrupt internet connectivity and internal network operations, impacting business continuity and productivity. The absence of authentication requirements and the direct impact on device availability make this a critical concern for network administrators. Organizations relying on Tenda AC6 routers should prioritize monitoring for firmware updates and consider immediate network access restrictions to mitigate potential exploitation.

For European organizations, the primary impact of CVE-2025-60338 is the potential for Denial of Service attacks that disrupt network availability. This can lead to loss of internet connectivity, interruption of business operations, and reduced productivity, especially for small and medium-sized enterprises (SMEs) and remote workers relying on Tenda AC6 routers. The vulnerability could also be leveraged as a foothold for further attacks if attackers gain persistent access through network disruptions. Critical services dependent on stable network infrastructure may experience outages, affecting customer service and internal communications. The disruption could also increase operational costs due to downtime and incident response efforts. Given that Tenda routers are often used in less-secure home or branch office environments, the risk of exploitation may be higher in decentralized or hybrid work setups common in Europe. Additionally, the lack of patches increases the window of exposure, emphasizing the need for proactive mitigation. The impact is primarily on availability, with no direct indication of confidentiality or integrity compromise, but the operational disruption alone can have significant business consequences.

1. Immediately restrict access to the router's management interface by limiting it to trusted IP addresses or disabling remote management if not required. 2. Implement network segmentation to isolate vulnerable devices from critical business systems and sensitive data. 3. Monitor network traffic for unusual patterns that may indicate exploitation attempts targeting the DhcpListClient function. 4. Regularly check Tenda's official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once available. 5. For organizations using Tenda AC6 routers in critical environments, consider temporary replacement with alternative hardware until a patch is released. 6. Educate users and IT staff about the vulnerability and the importance of securing home and branch office networking equipment. 7. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting malformed DHCP requests or stack overflow attempts. 8. Maintain robust backup and recovery procedures to minimize downtime in case of successful exploitation. These measures go beyond generic advice by focusing on access control, network architecture, and proactive monitoring tailored to the specific vulnerability context.