CVE-2025-7544 is a critical stack-based buffer overflow vulnerability identified in the Tenda AC1206 router, specifically affecting firmware version 15.03.06.23. The vulnerability resides in the function formSetMacFilterCfg within the /goform/setMacFilterCfg endpoint. The issue arises due to improper handling and validation of the deviceList argument, which an attacker can manipulate to overflow the stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, making it highly dangerous. The CVSS v4.0 score of 8.7 (high severity) reflects the ease of exploitation (network attack vector, low complexity), lack of authentication, and the significant impact on confidentiality, integrity, and availability. Although no public exploits are currently known to be actively used in the wild, the disclosure of the exploit details increases the risk of imminent attacks. The vulnerability affects a widely deployed consumer and small office/home office (SOHO) router model, which is often used as a gateway device, making it a critical point of compromise within affected networks.

For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises (SMEs) and residential users relying on Tenda AC1206 routers for internet connectivity. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially gaining control over the router. This control could be leveraged to intercept, manipulate, or redirect network traffic, leading to data breaches, espionage, or disruption of business operations. The compromise of network infrastructure devices like routers can also serve as a foothold for lateral movement within corporate networks, escalating the severity of the impact. Given the critical role of routers in maintaining network availability, exploitation could cause denial of service, impacting business continuity. Additionally, the vulnerability could be exploited to build botnets or launch further attacks such as distributed denial-of-service (DDoS) campaigns, which could affect broader internet infrastructure in Europe.

To mitigate this vulnerability, affected organizations should immediately verify if their Tenda AC1206 routers are running firmware version 15.03.06.23 and prioritize upgrading to a patched firmware version once released by the vendor. In the absence of an official patch, organizations should restrict remote access to the router's management interface by disabling remote administration features and limiting access to trusted IP addresses only. Network segmentation should be enforced to isolate vulnerable devices from critical infrastructure. Employing network intrusion detection/prevention systems (IDS/IPS) with signatures for buffer overflow attempts targeting the /goform/setMacFilterCfg endpoint can help detect and block exploitation attempts. Regular monitoring of router logs for unusual activity related to MAC filter configuration changes is recommended. Additionally, organizations should consider replacing outdated or unsupported devices with models that receive timely security updates. Vendor engagement and participation in coordinated vulnerability disclosure programs can also accelerate patch availability.