📄 Description (English)
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in Tenda W12 router firmware version 3.0.0.7(4763) affecting the WiFi MAC filter function. The vulnerability allows remote attackers to execute arbitrary code by sending specially crafted requests to the httpd service. With a CVSS score of 8.8 and public disclosure, this poses an immediate threat to organizations using Tenda equipment for network access control.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 5, 2026 12:48
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability directly impacts Saudi organizations using Tenda W12 routers for network perimeter security and access control. Primary affected sectors include: Banking and Financial Services (SAMA-regulated institutions using Tenda for branch/ATM network access), Government agencies (NCA, CITC, and ministry networks), Healthcare facilities (MOH hospitals and clinics), Telecommunications providers (STC, Mobily, Zain infrastructure), and Energy sector (ARAMCO and downstream operations). The vulnerability enables remote code execution on network edge devices, potentially allowing lateral movement into critical infrastructure networks. Organizations relying on Tenda equipment for MAC filtering-based access control face complete compromise of that security layer.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Retail and E-commerce
Education
🎯 MITRE ATT&CK Techniques
T1190 - Exploit Public-Facing Application (httpd service)
T1068 - Exploitation for Privilege Escalation (buffer overflow to code execution)
T1543 - Create or Modify System Process (arbitrary code execution)
T1021 - Remote Services (remote exploitation capability)
T1059 - Command and Scripting Interpreter (post-exploitation code execution)
⚖️ Saudi Risk Score (AI)
8.6
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda W12 devices running firmware 3.0.0.7(4763) in your network using network scanning tools
2. Isolate affected devices from production networks if possible, or restrict access to the httpd management interface
3. Disable remote management access to the router's web interface (disable WAN-side access to port 80/443)
4. Implement network-level access controls restricting traffic to the router's management ports
PATCHING GUIDANCE:
1. Check Tenda's official support portal for firmware updates beyond 3.0.0.7(4763)
2. If no patch is available, plan for device replacement with alternative vendors (Cisco, Fortinet, Juniper)
3. Document all affected devices and create a replacement timeline
COMPENSATING CONTROLS:
1. Deploy WAF/IPS rules to detect and block malformed wifiMacFilterSet.macList.mac parameters
2. Implement network segmentation isolating router management interfaces
3. Enable logging and monitoring of httpd access attempts
4. Deploy intrusion detection signatures for stack overflow exploitation attempts
5. Restrict administrative access to router via VPN/bastion hosts only
DETECTION RULES:
1. Monitor for HTTP POST requests to /bin/httpd with unusually long macList.mac values (>256 bytes)
2. Alert on any cgiWifiMacFilterSet function calls with non-standard parameters
3. Track failed authentication attempts and unusual httpd process behavior
4. Monitor for unexpected process spawning from httpd service
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda W12 التي تعمل بالإصدار 3.0.0.7(4763) في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن شبكات الإنتاج إن أمكن، أو تقييد الوصول إلى واجهة إدارة httpd
3. تعطيل الوصول الإداري البعيد إلى واجهة الويب للموجه (تعطيل الوصول من جانب WAN إلى المنافذ 80/443)
4. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد حركة المرور إلى منافذ إدارة الموجه
إرشادات التصحيح:
1. تحقق من بوابة دعم Tenda الرسمية للحصول على تحديثات البرامج الثابتة بعد 3.0.0.7(4763)
2. إذا لم يكن هناك تصحيح متاح، خطط لاستبدال الجهاز بموردين بدلاء (Cisco و Fortinet و Juniper)
3. توثيق جميع الأجهزة المتأثرة وإنشاء جدول زمني للاستبدال
عناصر التحكم التعويضية:
1. نشر قواعد WAF/IPS للكشف عن حجب المعاملات المشوهة لمعاملات wifiMacFilterSet.macList.mac
2. تطبيق تقسيم الشبكة لعزل واجهات إدارة الموجه
3. تفعيل تسجيل ومراقبة محاولات الوصول إلى httpd
4. نشر توقيعات كشف الاختراق لمحاولات استغلال تجاوز المكدس
5. تقييد الوصول الإداري إلى الموجه عبر VPN/أجهزة bastion فقط
قواعد الكشف:
1. مراقبة طلبات HTTP POST إلى /bin/httpd بقيم macList.mac طويلة بشكل غير عادي (>256 بايت)
2. التنبيه على أي استدعاءات دالة cgiWifiMacFilterSet بمعاملات غير قياسية
3. تتبع محاولات المصادقة الفاشلة والسلوك غير المعتاد لعملية httpd
4. مراقبة توليد العمليات غير المتوقعة من خدمة httpd
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control (unpatched devices)
ECC 2024 A.12.6 - Change Management (firmware updates)
ECC 2024 A.14.2 - System Development and Maintenance (secure configuration)
ECC 2024 A.5.1 - Access Control Policies (network segmentation)
🔵 SAMA CSF
Identify Function - Asset Management (inventory of Tenda devices)
Protect Function - Access Control (restrict management interface access)
Detect Function - Anomalies and Events (monitor httpd for exploitation attempts)
Respond Function - Incident Response (containment procedures for compromised routers)
🟡 ISO 27001:2022
A.5.1 - Policies for information security (network device security policies)
A.8.1 - Asset inventory and responsibility (router asset management)
A.8.2 - Ownership of assets (device accountability)
A.12.6 - Management of technical vulnerabilities (patch management)
A.13.1 - Network security (network segmentation and access controls)
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall configuration standards (if used in payment networks)
Requirement 6.2 - Security patches and updates (firmware patching)
Requirement 11.2 - Vulnerability scanning (identify affected devices)
🔗 References & Sources 6
🔗
🔗
🔗
🔗
🔗
🔗
http://cdn2.v50to.cc/cgiWifiMacFilterSet_overflow.zip
cna@vuldb.com
https://vuldb.com/cve/CVE-2026-10191
cna@vuldb.com
https://vuldb.com/submit/820023
cna@vuldb.com
https://vuldb.com/vuln/367472
cna@vuldb.com
https://vuldb.com/vuln/367472/cti
cna@vuldb.com
https://www.tenda.com.cn/
cna@vuldb.com