CVE-2025-60660: n/a

High
Published: Thu Oct 02 2025 (10/02/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.

AI-Powered Analysis

Last updated: 10/02/2025, 16:12:08 UTC

Technical Analysis

CVE-2025-60660 is a stack overflow vulnerability identified in the Tenda AC18 router firmware version V15.03.05.19. The flaw exists in the fromAdvSetMacMtuWan function, specifically triggered by the mac parameter. A stack overflow occurs when more data is written to a buffer located on the stack than it can hold, potentially overwriting adjacent memory. This can lead to unpredictable behavior including crashes, memory corruption, or arbitrary code execution. In this case, the vulnerability could allow an attacker to craft a malicious input for the mac parameter to overflow the stack, potentially enabling remote code execution or denial of service on the affected device.

The lack of a CVSS score and absence of known exploits in the wild suggest this is a recently discovered vulnerability with limited public exploitation information. However, stack overflow vulnerabilities in network devices such as routers are critical due to their position as network gateways and their typical exposure to untrusted networks. The affected product, Tenda AC18, is a consumer-grade wireless router commonly used in home and small office environments. The vulnerability likely requires sending specially crafted network packets or requests to the router's management interface or network-facing services that invoke the vulnerable function.

No patch or mitigation details are currently provided, indicating that users and administrators should exercise caution and monitor for updates from the vendor. Given the nature of the vulnerability, exploitation could compromise the confidentiality, integrity, and availability of the network traffic passing through the router, as well as potentially allow attackers to pivot into internal networks.

Potential Impact

For European organizations, the impact of this vulnerability could be significant, especially for small and medium enterprises (SMEs) and home office users relying on Tenda AC18 routers. Successful exploitation could lead to unauthorized access to internal networks, interception or manipulation of sensitive data, and disruption of network services. This could result in data breaches, loss of business continuity, and potential regulatory non-compliance under GDPR if personal data is exposed. The router's role as a network gateway means that compromise could facilitate lateral movement within corporate networks or provide a foothold for further attacks. Additionally, the lack of patches increases the window of exposure. Organizations with remote or hybrid workforces using these routers at home may inadvertently introduce vulnerabilities into their corporate network perimeter. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits could emerge rapidly after public disclosure.

Mitigation Recommendations

1. Immediate mitigation should include isolating Tenda AC18 routers from untrusted networks and restricting remote management access to trusted IPs or VPNs only.
2. Network segmentation should be employed to limit the impact of a compromised router, ensuring that critical systems are not directly accessible through vulnerable devices.
3. Monitor network traffic for unusual activity that could indicate exploitation attempts, such as malformed packets targeting the mac parameter or unexpected router behavior.
4. Regularly check for firmware updates from Tenda and apply patches promptly once available.
5. Consider replacing affected routers with models from vendors with a strong security track record if patches are delayed.
6. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting exploitation attempts targeting known router vulnerabilities.
7. Educate users about the risks of using consumer-grade routers for business-critical functions and encourage secure configuration practices, including changing default credentials and disabling unnecessary services.
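
One way to implement the monitoring in recommendation 3, as an added example that is not part of the original advisory or of any vendor tooling: a check that flags mac field values that are longer than a MAC address or not shaped like one. It assumes the parameter arrives as a URL-encoded form field named mac in requests to the management interface; the sample bodies, source addresses and the mtu field are constructed.

```python
import re
from urllib.parse import parse_qs

# A well-formed MAC address is six hex octets separated by ':' or '-',
# which is exactly 17 characters. Anything longer has no legitimate use.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")
MAC_LEN = 17


def check_mac_fields(body, field="mac"):
    """Return (kind, length) findings for every `field` value in a form body."""
    findings = []
    # keep_blank_values so an empty "mac=" is still inspected.
    for value in parse_qs(body, keep_blank_values=True).get(field, []):
        if len(value) > MAC_LEN:
            findings.append(("oversized", len(value)))
        elif not MAC_RE.fullmatch(value):
            findings.append(("malformed", len(value)))
    return findings


def scan(records):
    """records: iterable of (source_ip, form_body) pairs. Returns alert dicts."""
    alerts = []
    for src, body in records:
        for kind, length in check_mac_fields(body):
            alerts.append({"src": src, "kind": kind, "length": length})
    return alerts


# Constructed sample request bodies (not captured traffic). The "mtu" field
# name is hypothetical and only there to show that other fields are ignored.
SAMPLE = [
    ("192.0.2.10", "mtu=1500&mac=AA:BB:CC:DD:EE:FF"),
    ("192.0.2.23", "mtu=1500&mac=" + "A" * 200),
    ("192.0.2.23", "mtu=1500&mac=not-a-mac"),
    ("192.0.2.31", "mac=AA%3ABB%3ACC%3ADD%3AEE%3AFF"),  # percent-encoded, valid
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The same length and format rule can be applied at a reverse proxy or IDS in front of the management interface, so that oversized values are dropped before they reach the device.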

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68dea4342d88283ed76fb5c5

Added to database: 10/2/2025, 4:11:32 PM

Last enriched: 10/2/2025, 4:12:08 PM

Last updated: 10/2/2025, 7:38:37 PM
