CVE-2025-65222 is a buffer overflow vulnerability identified in the Tenda AC21 router firmware version V16.03.08.16. The vulnerability resides in the handling of the rebootTime parameter within the /goform/SetSysAutoRebbotCfg endpoint, which is part of the router’s web management interface. A buffer overflow occurs when the input to rebootTime exceeds the expected size, causing memory corruption. This can lead to a denial of service (DoS) condition by crashing or rebooting the device unexpectedly. The vulnerability does not require any authentication or user interaction, making it accessible to any attacker with network access to the router’s management interface, typically on the LAN side. The CVSS v3.1 score is 4.3 (medium), reflecting the fact that the vulnerability affects availability only (no confidentiality or integrity impact), has low attack complexity, and requires no privileges or user interaction. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and well-understood software weakness. Exploitation could disrupt network services by causing router downtime, impacting connected devices and potentially interrupting business operations relying on stable network connectivity.

For European organizations, the primary impact of CVE-2025-65222 is the potential disruption of network availability due to router crashes or reboots. This can affect small and medium enterprises (SMEs) and home office environments where Tenda AC21 routers are deployed, leading to loss of internet connectivity and interruption of business-critical applications. While the vulnerability does not expose sensitive data or allow unauthorized control, the denial of service could degrade operational efficiency and cause downtime. In sectors relying on continuous network availability, such as financial services, healthcare, and manufacturing, even temporary outages can have significant operational and financial consequences. Additionally, the lack of patches increases the risk window until vendors release updates. The vulnerability could also be leveraged as part of a broader attack chain, for example, to facilitate lateral movement or distraction during more sophisticated intrusions.

1. Immediately restrict access to the router’s management interface by limiting it to trusted internal networks and disabling remote management if not required. 2. Implement network segmentation to isolate critical systems from devices running vulnerable firmware. 3. Monitor network traffic for unusual or malformed requests targeting /goform/SetSysAutoRebbotCfg or the rebootTime parameter. 4. Regularly check for firmware updates from Tenda and apply patches promptly once available. 5. Consider replacing vulnerable Tenda AC21 routers with models from vendors with stronger security track records if patching is delayed. 6. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting buffer overflow attempts or anomalous HTTP requests. 7. Educate IT staff about this specific vulnerability to ensure rapid response to any signs of exploitation attempts. 8. Maintain backups and redundancy for critical network infrastructure to minimize downtime impact.