📄 Description (English)
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in Tenda AC5 router firmware (version 15.03.06.47) affecting the POST request handler. The vulnerability allows remote attackers to execute arbitrary code by manipulating the funcpara1 parameter, with public exploits already available. This poses an immediate threat to organizations using these routers for network access and perimeter security.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 13:56
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations across multiple sectors are at significant risk: Banking and financial institutions (SAMA-regulated) using Tenda AC5 routers for branch connectivity face potential network compromise and data exfiltration. Government agencies (NCA oversight) and critical infrastructure operators (energy sector, ARAMCO facilities) could experience network disruption and unauthorized access. Telecommunications providers (STC, Mobily) and healthcare organizations relying on these routers for network segmentation are vulnerable to lateral movement attacks. Small and medium enterprises (SMEs) throughout Saudi Arabia commonly deploy Tenda routers, making this a widespread threat vector.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Energy and Utilities
Telecommunications
Healthcare
Retail and E-commerce
Education
Small and Medium Enterprises
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda AC5 devices running firmware 15.03.06.47 in your network using network scanning tools
2. Isolate affected routers from critical network segments if possible
3. Implement network segmentation to limit lateral movement from compromised devices
4. Monitor for suspicious POST requests to /goform/setcfm endpoint
PATCHING GUIDANCE:
1. Check Tenda's official website for firmware updates beyond 15.03.06.47
2. If no patch is available, plan immediate replacement with alternative router models from vendors with active security support
3. Document all affected devices and create replacement timeline
COMPENSATING CONTROLS:
1. Deploy Web Application Firewall (WAF) rules to block POST requests to /goform/setcfm with suspicious funcpara1 parameters
2. Implement strict access controls limiting administrative access to router management interfaces
3. Enable router logging and forward logs to SIEM for analysis
4. Disable remote management features if not required
5. Place routers behind additional network security appliances
DETECTION RULES:
1. Monitor for POST requests to /goform/setcfm with oversized funcpara1 values (>256 bytes)
2. Alert on any successful authentication followed by POST requests to setcfm
3. Track router process crashes or unexpected restarts
4. Monitor for unusual outbound connections from router IP addresses
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda AC5 التي تعمل بالإصدار 15.03.06.47 في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن أجزاء الشبكة الحرجة إن أمكن
3. تنفيذ تقسيم الشبكة لتحديد الحركة الجانبية من الأجهزة المخترقة
4. مراقبة طلبات POST المريبة إلى نقطة نهاية /goform/setcfm
إرشادات التصحيح:
1. تحقق من موقع Tenda الرسمي للحصول على تحديثات البرنامج الثابت بعد الإصدار 15.03.06.47
2. إذا لم يكن هناك تصحيح متاح، خطط لاستبدال فوري بنماذج جهاز توجيه بديلة من البائعين الذين لديهم دعم أمان نشط
3. توثيق جميع الأجهزة المتأثرة وإنشاء جدول زمني للاستبدال
الضوابط البديلة:
1. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحظر طلبات POST إلى /goform/setcfm بمعاملات funcpara1 مريبة
2. تنفيذ ضوابط وصول صارمة تحد من الوصول الإداري إلى واجهات إدارة جهاز التوجيه
3. تفعيل تسجيل جهاز التوجيه وإعادة توجيه السجلات إلى SIEM للتحليل
4. تعطيل ميزات الإدارة البعيدة إذا لم تكن مطلوبة
5. وضع أجهزة التوجيه خلف أجهزة أمان شبكة إضافية
قواعد الكشف:
1. مراقبة طلبات POST إلى /goform/setcfm بقيم funcpara1 كبيرة الحجم (>256 بايت)
2. تنبيه عند أي مصادقة ناجحة متبوعة بطلبات POST إلى setcfm
3. تتبع أعطال عملية جهاز التوجيه أو إعادة التشغيل غير المتوقعة
4. مراقبة الاتصالات الخارجية غير العادية من عناوين IP لجهاز التوجيه
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.12.6 - Change Management
ECC 2024 A.14.2 - System Development and Maintenance
ECC 2024 A.12.2 - Access Control and Authentication
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Physical and Cyber Assets
SAMA CSF PR.DS-6 - Data Security and Protection
SAMA CSF DE.CM-1 - Detection and Analysis
SAMA CSF RS.MI-1 - Incident Response and Recovery
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Secure Development Policy
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.8.2 - Information Classification
ISO 27001:2022 A.12.6 - Change Management
ISO 27001:2022 A.14.2 - System Development and Maintenance
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 11.2 - Vulnerability Scanning
🔗 References & Sources 5
🔗
https://lavender-bicycle-a5a.notion.site/Tenda_AC5_setcfm_funcpara1-32053a41781f8073a4d...
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/?ctiid.353655
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.353655
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.777381
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:ac5_firmware:15.03.06.47