📄 Description (English)
A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🤖 AI Executive Summary
A critical remote buffer overflow vulnerability exists in Tenda FH451 router firmware (up to version 1.0.0.9) affecting the /goform/GstDhcpSetSer endpoint. With a CVSS score of 8.8 and publicly disclosed exploit code, this vulnerability poses an immediate threat to organizations using these devices. Attackers can achieve remote code execution without authentication, making this a high-priority threat for Saudi networks.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 01:04
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability directly impacts Saudi telecommunications infrastructure (STC, Mobily, Zain), government networks (NCA, CITC), banking sector (SAMA-regulated institutions), and enterprise networks. Tenda routers are widely deployed in SMEs and government facilities across Saudi Arabia. Successful exploitation enables complete device compromise, network reconnaissance, lateral movement, and potential access to critical infrastructure. The public exploit availability significantly increases attack likelihood against Saudi organizations.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government (NCA, CITC, Ministry networks)
Banking and Financial Services (SAMA-regulated)
Healthcare (MOH facilities)
Energy (ARAMCO, power utilities)
Small and Medium Enterprises (SMEs)
Education (Universities, schools)
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda FH451 devices in your network using network scanning tools (Shodan, Censys, or internal asset inventory)
2. Isolate affected devices from critical networks if patching cannot be completed immediately
3. Implement network segmentation to restrict access to router management interfaces
4. Monitor for suspicious DHCP configuration requests and unusual traffic patterns
PATCHING:
1. Update Tenda FH451 firmware to version 1.0.0.10 or later immediately
2. Verify firmware authenticity through official Tenda channels before deployment
3. Test patches in non-production environment first
4. Document all patching activities for compliance audit trails
COMPENSATING CONTROLS (if immediate patching unavailable):
1. Disable remote management access to router web interface
2. Restrict access to /goform/GstDhcpSetSer endpoint using firewall rules
3. Implement IP whitelisting for administrative access
4. Deploy IDS/IPS rules to detect buffer overflow attempts
DETECTION RULES:
1. Monitor HTTP POST requests to /goform/GstDhcpSetSer with abnormally large payloads (>1024 bytes)
2. Alert on any DHCP configuration changes from non-administrative sources
3. Track failed authentication attempts to router management interface
4. Monitor for unexpected process execution on router devices
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda FH451 في شبكتك باستخدام أدوات المسح (Shodan أو Censys أو جرد الأصول الداخلي)
2. عزل الأجهزة المتأثرة عن الشبكات الحرجة إذا لم يكن التحديث ممكنًا فورًا
3. تطبيق تقسيم الشبكة لتقييد الوصول إلى واجهات إدارة جهاز التوجيه
4. مراقبة طلبات تكوين DHCP المريبة وأنماط حركة المرور غير العادية
التصحيح:
1. تحديث برنامج تثبيت Tenda FH451 إلى الإصدار 1.0.0.10 أو أحدث فورًا
2. التحقق من صحة البرنامج الثابت من خلال قنوات Tenda الرسمية قبل النشر
3. اختبار التصحيحات في بيئة غير الإنتاج أولاً
4. توثيق جميع أنشطة التصحيح لمسارات تدقيق الامتثال
الضوابط البديلة:
1. تعطيل الوصول الإداري عن بعد إلى واجهة الويب لجهاز التوجيه
2. تقييد الوصول إلى نقطة النهاية /goform/GstDhcpSetSer باستخدام قواعد جدار الحماية
3. تطبيق القائمة البيضاء للعناوين IP للوصول الإداري
4. نشر قواعد IDS/IPS للكشف عن محاولات تجاوز المخزن المؤقت
قواعد الكشف:
1. مراقبة طلبات HTTP POST إلى /goform/GstDhcpSetSer بأحمال غير عادية كبيرة
2. التنبيه على أي تغييرات في تكوين DHCP من مصادر غير إدارية
3. تتبع محاولات المصادقة الفاشلة لواجهة إدارة جهاز التوجيه
4. مراقبة تنفيذ العمليات غير المتوقعة على أجهزة التوجيه
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.12.6 - Change Management
ECC 2024 A.14.2 - System Development and Maintenance
ECC 2024 A.16.1 - Information Security Incident Management
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Hardware and Software Assets
SAMA CSF PR.IP-3 - Configuration Change Management
SAMA CSF DE.CM-1 - Network Monitoring
SAMA CSF RS.MI-1 - Incident Response Procedures
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Addressing Information Security in Supplier Relationships
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.8.2 - Information Classification
ISO 27001:2022 A.14.2 - System Development and Maintenance
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 11.2 - Vulnerability Scanning
🔗 References & Sources 5
🔗
https://vuldb.com/?ctiid.347220
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.347220
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.755218
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuln.ricky.place/Tenda/FH451/
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:fh451_firmware:1.0.0.9