CVE-2025-7854 is a critical stack-based buffer overflow vulnerability identified in the Tenda FH451 router, specifically in version 1.0.0.9. The flaw resides in the fromVirtualSer function within the /goform/VirtualSer endpoint. The vulnerability arises due to improper handling of the 'page' argument, which can be manipulated by an attacker to overflow the stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, making it highly dangerous. The CVSS 4.0 base score is 8.7, reflecting high severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts the confidentiality, integrity, and availability of the affected device, as an attacker could execute arbitrary code to compromise the router’s functions or disrupt network connectivity. Although no public exploits are currently known in the wild, the exploit code has been disclosed publicly, increasing the risk of exploitation. The lack of available patches at the time of disclosure further elevates the threat level for users of this device. Given the critical role routers play in network infrastructure, exploitation could allow attackers to intercept, manipulate, or disrupt network traffic for connected systems.

For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises or home offices that rely on Tenda FH451 routers for internet connectivity. Successful exploitation could lead to full compromise of the router, enabling attackers to intercept sensitive communications, redirect traffic, or launch further attacks within the internal network. This could result in data breaches, loss of service, and potential regulatory non-compliance under GDPR if personal data is exposed. Critical infrastructure sectors that use such routers as part of their network edge devices could face operational disruptions. Additionally, the ease of remote exploitation without authentication means attackers can target vulnerable devices en masse, potentially leading to widespread outages or botnet recruitment. The absence of patches at disclosure time increases the window of exposure, making timely mitigation essential.

Organizations using Tenda FH451 version 1.0.0.9 should immediately assess their exposure and implement compensating controls. Since no official patch is available, network-level mitigations should be prioritized: restrict access to the router’s management interface from untrusted networks by implementing firewall rules or network segmentation; disable remote management features if not required; monitor network traffic for unusual activity targeting the /goform/VirtualSer endpoint; employ intrusion detection/prevention systems with signatures for buffer overflow attempts. Additionally, organizations should consider replacing affected devices with models from vendors that provide timely security updates. Regularly checking for firmware updates from Tenda and applying them promptly once available is critical. Network administrators should also enforce strong network access controls and maintain up-to-date asset inventories to quickly identify vulnerable devices. Finally, educating users about the risks and signs of router compromise can aid in early detection.