CVE-2025-9523 is a critical stack-based buffer overflow vulnerability found in the Tenda AC1206 router, specifically in firmware version 15.03.06.23. The flaw exists in the function GetParentControlInfo within the /goform/GetParentControlInfo endpoint. This function improperly handles the 'mac' argument, allowing an attacker to manipulate this input to overflow the stack buffer. Because the vulnerability is remotely exploitable without any authentication or user interaction, an attacker can send specially crafted requests to the affected router to trigger the overflow. This can lead to arbitrary code execution, potentially allowing full control over the device. The CVSS 4.0 score of 9.3 reflects the critical nature of this vulnerability, with attack vector being network-based (AV:N), no required privileges (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). The exploit code is publicly available, increasing the risk of widespread exploitation. Although no known exploits in the wild have been reported yet, the presence of public exploit code significantly raises the threat level. The vulnerability affects a widely deployed consumer and small office router model, which is often used as a gateway device, making it a valuable target for attackers aiming to compromise network infrastructure or launch further attacks within a network.

For European organizations, this vulnerability poses a significant risk, especially for small and medium enterprises (SMEs) and home office setups that commonly use consumer-grade routers like the Tenda AC1206. Successful exploitation can lead to full compromise of the router, allowing attackers to intercept, modify, or redirect network traffic, deploy malware, or establish persistent backdoors. This undermines confidentiality by exposing sensitive communications, integrity by enabling traffic manipulation, and availability by potentially causing device crashes or denial of service. Given the router's role as a network gateway, attackers could pivot to internal networks, compromising additional systems. The lack of authentication and user interaction requirements means attacks can be automated and launched at scale, increasing the risk of widespread impact. Additionally, critical infrastructure or organizations with remote workers relying on such routers may face operational disruptions and data breaches. The public availability of exploit code further elevates the threat, necessitating urgent mitigation to prevent exploitation within European networks.

1. Immediate firmware upgrade: Organizations and users should check for and apply any firmware updates released by Tenda addressing this vulnerability. If no official patch is available, consider contacting Tenda support for guidance or timelines. 2. Network segmentation: Isolate vulnerable devices from critical network segments to limit potential lateral movement in case of compromise. 3. Disable remote management: If remote management features are enabled on the router, disable them to reduce exposure to external attacks. 4. Implement firewall rules: Restrict inbound traffic to the router’s management interfaces, allowing access only from trusted IP addresses or internal networks. 5. Monitor network traffic: Deploy intrusion detection/prevention systems (IDS/IPS) to detect anomalous traffic patterns or known exploit signatures targeting this vulnerability. 6. Replace devices: For high-risk environments, consider replacing vulnerable Tenda AC1206 routers with devices from vendors with a stronger security track record and timely patching. 7. User awareness: Educate users about the risks of using outdated firmware and encourage regular updates and secure configuration practices. 8. Vendor engagement: Encourage Tenda to release patches promptly and provide clear communication about the vulnerability and remediation steps.