
CVE-2025-60661: n/a

Medium
Published: Thu Oct 02 2025 (10/02/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.

AI-Powered Analysis

Last updated: 10/02/2025, 16:26:28 UTC

Technical Analysis

CVE-2025-60661 is a stack overflow vulnerability identified in the Tenda AC18 router firmware version V15.03.05.19. The flaw exists in the function fromAdvSetMacMtuWan, specifically triggered via the cloneType parameter. A stack overflow occurs when the application writes more data to a buffer located on the stack than it can hold, potentially overwriting adjacent memory and leading to unpredictable behavior. In this case, the cloneType parameter is improperly handled, allowing an attacker to craft malicious input that overflows the stack.

This vulnerability could enable an attacker to execute arbitrary code with the privileges of the affected process, cause denial of service by crashing the device, or potentially escalate privileges if the router’s firmware does not implement adequate memory protection mechanisms. The vulnerability is present in a widely deployed consumer-grade router model, which is commonly used in home and small office environments. No CVSS score has been assigned yet, and no public exploits are currently known. The lack of a patch or mitigation details suggests that the vulnerability is newly disclosed and may not yet be addressed by the vendor.

The stack overflow nature of the vulnerability indicates a high risk if exploited, especially since routers are critical network infrastructure devices that handle all inbound and outbound traffic. Exploitation could allow attackers to intercept or manipulate network traffic, disrupt internet connectivity, or use the compromised device as a foothold for further attacks within a network.

Potential Impact

For European organizations, the impact of this vulnerability could be significant, particularly for small and medium enterprises (SMEs) and home office users relying on Tenda AC18 routers for internet connectivity. A successful exploit could lead to network outages, interception of sensitive communications, or unauthorized access to internal networks. This is especially critical for organizations handling personal data under GDPR regulations, as a breach could lead to data leakage and regulatory penalties. Additionally, compromised routers could be leveraged to launch further attacks such as lateral movement within corporate networks or as part of botnets for distributed denial-of-service (DDoS) attacks targeting European infrastructure. The disruption of network services could affect business continuity, remote work capabilities, and customer trust. Given the router’s role as a gateway device, the integrity and availability of network services are at risk, which could have cascading effects on operational technology and critical services.

Mitigation Recommendations

Organizations and users should immediately verify if they are using the Tenda AC18 router with firmware version V15.03.05.19. Since no official patch is currently available, the following mitigations are recommended:

1) Restrict access to the router’s management interface to trusted networks and disable remote management features to reduce exposure to external attackers.
2) Monitor network traffic for unusual activity that could indicate exploitation attempts, including unexpected reboots or crashes of the router.
3) Consider replacing or upgrading to a different router model with a proven security track record if immediate patching is not possible.
4) Implement network segmentation to isolate critical systems from devices using vulnerable routers.
5) Keep abreast of vendor announcements for firmware updates addressing this vulnerability and apply patches promptly once available.
6) Employ intrusion detection/prevention systems (IDS/IPS) that can detect anomalous traffic patterns associated with exploitation attempts.
7) Educate users about the risks of using default credentials and encourage strong password policies to reduce the risk of unauthorized access.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68dea7707d138d8f7b8e83af

Added to database: 10/2/2025, 4:25:20 PM

Last enriched: 10/2/2025, 4:26:28 PM

Last updated: 10/2/2025, 7:45:41 PM
