CVE-2025-60663: n/a

High
Type: Vulnerability (CVE-2025-60663)
Published: Thu Oct 02 2025 (10/02/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.

AI-Powered Analysis

Last updated: 10/02/2025, 16:26:12 UTC

Technical Analysis

CVE-2025-60663 is a stack overflow vulnerability identified in the Tenda AC18 router firmware version V15.03.05.19. The flaw exists in the function fromAdvSetMacMtuWan, specifically triggered by the wanMTU parameter. A stack overflow occurs when more data is written to a buffer located on the stack than it can hold, potentially overwriting adjacent memory. This can lead to arbitrary code execution, denial of service, or system crashes. The vulnerability arises due to insufficient input validation or improper handling of the wanMTU parameter, allowing an attacker to craft malicious input that overflows the stack buffer. Exploitation would likely require network access to the router's management interface or WAN interface, depending on how the parameter is exposed. No known exploits are currently reported in the wild, and no patches or fixes have been published yet. The lack of a CVSS score indicates that the vulnerability is newly disclosed and not yet fully assessed. However, given the nature of stack overflows and the critical role of routers in network infrastructure, this vulnerability represents a significant security risk if exploited.

Potential Impact

For European organizations, this vulnerability poses a substantial risk to network security and operational continuity. Routers like the Tenda AC18 are often deployed in small to medium-sized enterprises and home office environments, serving as gateways to the internet and internal networks. Successful exploitation could allow attackers to execute arbitrary code on the device, potentially gaining control over network traffic, intercepting sensitive data, or launching further attacks within the network. This could lead to data breaches, disruption of business operations, and compromise of confidentiality, integrity, and availability of organizational resources. Additionally, compromised routers can be leveraged as entry points for lateral movement or as part of botnets for distributed denial-of-service (DDoS) attacks. The absence of patches increases the urgency for organizations to implement interim protective measures. Given the critical infrastructure role of routers, the impact extends beyond individual organizations to potentially affect supply chains and critical services.

Mitigation Recommendations

Organizations should immediately inventory their network devices to identify any Tenda AC18 routers running firmware version V15.03.05.19. Until an official patch is released, it is advisable to restrict access to the router's management interfaces, especially from untrusted networks. Network segmentation should be enforced to isolate vulnerable devices from critical systems. Implement strict firewall rules to limit WAN-side access to the router's configuration services. Monitoring network traffic for unusual activity or signs of exploitation attempts targeting the wanMTU parameter is recommended. If feasible, consider replacing vulnerable devices with models from vendors with a strong security track record or those that have released patches. Regularly check for firmware updates from Tenda and apply them promptly once available. Additionally, educating IT staff about this vulnerability and encouraging vigilance for related threat intelligence will enhance preparedness.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68dea7707d138d8f7b8e83b2

Added to database: 10/2/2025, 4:25:20 PM

Last enriched: 10/2/2025, 4:26:12 PM

Last updated: 10/2/2025, 7:45:41 PM
