CVE-2025-6113 is a critical buffer overflow vulnerability identified in the Tenda FH1203 router, specifically in firmware version 2.0.1.6. The flaw exists in the function fromadvsetlanip within the /goform/AdvSetLanip endpoint. This function processes the lanMask argument, and improper handling of this input leads to a buffer overflow condition. Because the vulnerability is remotely exploitable without authentication or user interaction, an attacker can send specially crafted requests to the affected router to trigger the overflow. This can result in arbitrary code execution, potentially allowing full control over the device. The vulnerability has a CVSS 4.0 score of 8.7 (high severity), reflecting its network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently observed in the wild, the exploit details have been disclosed, increasing the risk of imminent exploitation. The absence of official patches or mitigation guidance from the vendor at this time further elevates the threat. Given that Tenda FH1203 routers are commonly deployed in small office and home office environments, exploitation could lead to network compromise, interception of sensitive data, or use of the device as a pivot point for lateral movement within corporate networks.

For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises (SMEs) and remote workers relying on Tenda FH1203 routers for internet connectivity. Successful exploitation could lead to unauthorized access to internal networks, data exfiltration, disruption of network services, and potential deployment of malware or ransomware. The compromise of these routers could also facilitate man-in-the-middle attacks, undermining confidentiality and integrity of communications. Given the critical nature of the flaw and the lack of authentication requirements, attackers could target vulnerable devices en masse, leading to widespread service disruption. This is particularly concerning for sectors with high reliance on secure communications such as finance, healthcare, and critical infrastructure. Additionally, compromised routers could be recruited into botnets, amplifying threats to broader internet stability and security.

1. Immediate network segmentation: Isolate Tenda FH1203 devices from critical internal networks to limit potential lateral movement if compromised. 2. Disable remote management interfaces on affected routers to reduce exposure to external attacks. 3. Monitor network traffic for unusual patterns or signs of exploitation attempts targeting /goform/AdvSetLanip endpoints. 4. Implement strict firewall rules to restrict inbound access to router management ports from untrusted networks. 5. Where possible, replace Tenda FH1203 routers with alternative devices from vendors with active security support and patch availability. 6. If replacement is not immediately feasible, consider deploying virtual patching via intrusion prevention systems (IPS) to detect and block exploit attempts. 7. Engage with Tenda support channels to obtain any forthcoming patches or firmware updates and apply them promptly. 8. Educate users about the risks of using outdated or unsupported network devices and encourage regular device inventory and security assessments.