📄 Description (English)
A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks.
🤖 AI Executive Summary
CVE-2026-11493 affects Tenda AC15 routers running firmware 15.03.05.19, exposing weak password requirements in Samba configuration. This vulnerability requires local network access and high attack complexity, but poses a risk to organizations using Tenda devices as network infrastructure. With no patch currently available and public exploit information disclosed, organizations should implement compensating controls immediately.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 8, 2026 12:57
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using Tenda AC15 routers in corporate networks, particularly in banking branches, government offices, healthcare facilities, and telecom infrastructure, face elevated risk. The vulnerability primarily impacts: (1) Banking sector (SAMA-regulated institutions) using Tenda devices for branch connectivity; (2) Government agencies (NCA oversight) relying on these routers; (3) Healthcare providers requiring secure patient data access; (4) Telecom operators (STC, Mobily) using Tenda equipment in network infrastructure. Local network access requirement limits exposure but internal threats and compromised network segments pose significant risk.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Telecommunications
Energy and Utilities
Retail and E-commerce
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
5.5
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all Tenda AC15 devices running firmware 15.03.05.19 across the organization
2. Isolate affected devices from critical network segments if possible
3. Implement network segmentation to restrict local network access to Tenda devices
4. Disable Samba file sharing if not operationally required
Patching Guidance:
1. Check Tenda support portal for firmware updates beyond 15.03.05.19
2. If update available, schedule maintenance window for firmware upgrade
3. Test updates in non-production environment first
4. Document all firmware versions post-remediation
Compensating Controls:
1. Enforce strong password policies on all systems accessing Tenda devices
2. Implement network access controls (NAC) to restrict device connectivity
3. Deploy intrusion detection systems (IDS) monitoring Samba traffic on port 445
4. Enable detailed logging on Samba configuration changes
5. Implement VPN requirements for remote access to network segments containing Tenda devices
6. Conduct regular security audits of Samba configuration files
Detection Rules:
1. Monitor for unauthorized modifications to /etc_ro/smb.conf
2. Alert on failed authentication attempts to Samba shares
3. Track changes to password policy settings in Samba
4. Monitor for unusual SMB protocol activity from internal hosts
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع أجهزة Tenda AC15 التي تعمل بالإصدار 15.03.05.19 في المنظمة
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إن أمكن
3. تطبيق تقسيم الشبكة لتقييد الوصول إلى الشبكة المحلية لأجهزة Tenda
4. تعطيل مشاركة ملفات Samba إذا لم تكن مطلوبة تشغيلياً
إرشادات التصحيح:
1. التحقق من بوابة دعم Tenda للحصول على تحديثات البرامج الثابتة بعد 15.03.05.19
2. إذا كان التحديث متاحاً، جدولة نافذة صيانة لترقية البرنامج الثابت
3. اختبار التحديثات في بيئة غير الإنتاج أولاً
4. توثيق جميع إصدارات البرامج الثابتة بعد المعالجة
الضوابط التعويضية:
1. فرض سياسات كلمات مرور قوية على جميع الأنظمة التي تصل إلى أجهزة Tenda
2. تطبيق ضوابط الوصول إلى الشبكة (NAC) لتقييد اتصال الأجهزة
3. نشر أنظمة كشف التسلل (IDS) لمراقبة حركة Samba على المنفذ 445
4. تفعيل السجلات التفصيلية لتغييرات تكوين Samba
5. فرض متطلبات VPN للوصول البعيد إلى قطاعات الشبكة التي تحتوي على أجهزة Tenda
6. إجراء عمليات تدقيق أمان منتظمة لملفات تكوين Samba
قواعد الكشف:
1. مراقبة التعديلات غير المصرح بها على /etc_ro/smb.conf
2. تنبيهات محاولات المصادقة الفاشلة لمشاركات Samba
3. تتبع التغييرات في إعدادات سياسة كلمات المرور في Samba
4. مراقبة نشاط بروتوكول SMB غير المعتاد من المضيفين الداخليين
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies
ECC 2024 A.6.1.2 - User Registration and De-registration
ECC 2024 A.6.2.1 - User Access Rights
ECC 2024 A.9.2.1 - User Identification and Authentication
ECC 2024 A.9.2.4 - Password Management
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management
SAMA CSF PR.AC-1 - Access Control Policy
SAMA CSF PR.AC-6 - Access Control Implementation
SAMA CSF DE.CM-1 - Network Monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.5.16 - Identification and Authentication
ISO 27001:2022 A.5.18 - Management of Privileged Access Rights
ISO 27001:2022 A.8.3 - Cryptography
ISO 27001:2022 A.8.22 - Monitoring
🟣 PCI DSS v4.0.1
PCI DSS 2.1 - Default Passwords
PCI DSS 2.2.4 - Configure System Security Parameters
PCI DSS 8.2.1 - Strong Authentication
PCI DSS 8.2.3 - Password Strength
🔗 References & Sources 6
🔗
🔗
🔗
🔗
🔗
🔗
https://vuldb.com/cve/CVE-2026-11493
cna@vuldb.com
https://vuldb.com/submit/834818
cna@vuldb.com
https://vuldb.com/vuln/369113
cna@vuldb.com
https://vuldb.com/vuln/369113/cti
cna@vuldb.com
https://www.notion.so/Tenda-AC15-V15-03-05-19-3671f5ba98908023b508dc0330624dcd?source=c...
cna@vuldb.com
https://www.tenda.com.cn/
cna@vuldb.com