CVE-2025-7549 is a critical stack-based buffer overflow vulnerability identified in the Tenda FH1201 router, specifically in firmware version 1.2.0.14(408). The vulnerability resides in the function frmL7ProtForm within the /goform/L7Prot endpoint. The issue arises due to improper handling of the 'page' argument, which can be manipulated remotely by an attacker to overflow the stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, potentially resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or authentication, increasing its risk profile. The CVSS 4.0 base score is 8.7 (high severity), reflecting the ease of exploitation (network attack vector, low attack complexity, no privileges or user interaction required) and the high impact on confidentiality, integrity, and availability. Although no public exploits are currently known to be in the wild, the exploit code has been disclosed publicly, which raises the likelihood of exploitation attempts. The vulnerability affects a widely deployed consumer-grade router model, which is often used in home and small office networks, potentially exposing a large attack surface if unpatched. The lack of an official patch link indicates that mitigation may currently rely on workarounds or vendor updates pending release.

For European organizations, especially small businesses and home office environments that utilize Tenda FH1201 routers, this vulnerability poses a significant risk. Successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, and pivot into internal networks, compromising sensitive data and disrupting operations. The impact extends to confidentiality (data interception), integrity (traffic manipulation), and availability (device crashes or denial of service). Given the router's role as a network gateway, exploitation could facilitate broader attacks such as man-in-the-middle, network reconnaissance, or lateral movement within corporate networks. The risk is heightened in remote work scenarios prevalent in Europe, where home routers serve as critical infrastructure for accessing corporate resources. Additionally, the absence of authentication and user interaction requirements means attackers can launch attacks at scale, potentially targeting multiple vulnerable devices across organizations.

European organizations should immediately inventory their network devices to identify any Tenda FH1201 routers running the affected firmware version 1.2.0.14(408). Until an official patch is released, organizations should consider the following specific mitigations: 1) Restrict remote access to router management interfaces by disabling WAN-side administration or limiting access to trusted IP addresses via firewall rules. 2) Implement network segmentation to isolate vulnerable routers from critical internal systems, reducing potential lateral movement. 3) Monitor network traffic for unusual activity targeting the /goform/L7Prot endpoint or anomalous requests containing the 'page' parameter. 4) Encourage users to upgrade to newer firmware versions once available and verify firmware authenticity to prevent supply chain attacks. 5) Where possible, replace vulnerable devices with models from vendors with a stronger security track record or with active patch support. 6) Employ intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability. 7) Educate IT staff and users about the risks of remote exploitation and the importance of securing home network devices, especially in remote work contexts.