📄 Description (English)
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in Tenda AC5 router firmware (version 15.03.06.47) affecting the WPS OOB function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the 'index' parameter in POST requests. With a CVSS score of 8.8 and publicly available exploits, this poses an immediate threat to organizations using these devices as network infrastructure.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 13:54
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability significantly impacts Saudi organizations across multiple sectors: Telecommunications (STC, Mobily, Zain) using Tenda AC5 routers in enterprise networks; Banking sector (SAMA-regulated institutions) with these devices in branch offices or remote access infrastructure; Government agencies (NCA, NCSC) managing network infrastructure; Healthcare organizations using these routers for medical device connectivity; Energy sector (ARAMCO, utilities) with industrial network segments. The lack of available patches creates persistent risk for all affected deployments.
🏢 Affected Saudi Sectors
Telecommunications
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Retail
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda AC5 devices running firmware 15.03.06.47 in your network using network scanning tools
2. Isolate affected devices from critical network segments if possible
3. Disable WPS (Wi-Fi Protected Setup) functionality immediately via device administration interface
4. Restrict access to the /goform/WifiWpsOOB endpoint using firewall rules (block POST requests to this path)
5. Monitor for suspicious POST requests to /goform/WifiWpsOOB with unusual 'index' parameter values
PATCHING GUIDANCE:
- Contact Tenda support for firmware updates beyond 15.03.06.47
- Check manufacturer website regularly for security patches
- Implement a device replacement plan for units where patches remain unavailable
COMPENSATING CONTROLS:
- Deploy Web Application Firewall (WAF) rules to detect buffer overflow attempts
- Implement network segmentation to limit router access to authorized administrators only
- Enable router access logs and configure SIEM alerts for suspicious activity
- Use VPN for remote administration instead of direct router access
- Disable remote management features on the router
DETECTION RULES:
- Monitor for POST requests to /goform/WifiWpsOOB with index parameter values exceeding normal ranges
- Alert on unusual process execution or memory access patterns on router devices
- Track failed authentication attempts and unusual administrative access patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda AC5 التي تعمل بالإصدار 15.03.06.47 في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إن أمكن
3. تعطيل وظيفة WPS فوراً عبر واجهة إدارة الجهاز
4. تقييد الوصول إلى نقطة النهاية /goform/WifiWpsOOB باستخدام قواعد جدار الحماية
5. مراقبة طلبات POST المريبة مع قيم معاملات 'index' غير عادية
إرشادات التصحيح:
- الاتصال بدعم Tenda للحصول على تحديثات البرامج الثابتة
- التحقق من موقع الشركة المصنعة بانتظام للحصول على تصحيحات الأمان
- تنفيذ خطة استبدال الأجهزة حيث لا تتوفر التصحيحات
الضوابط البديلة:
- نشر قواعد جدار تطبيقات الويب للكشف عن محاولات فيضان المخزن المؤقت
- تنفيذ تقسيم الشبكة لتحديد الوصول إلى المسؤولين المصرح لهم فقط
- تفعيل سجلات الوصول وتكوين تنبيهات SIEM
- استخدام VPN للإدارة البعيدة بدلاً من الوصول المباشر
- تعطيل ميزات الإدارة البعيدة
قواعد الكشف:
- مراقبة طلبات POST إلى /goform/WifiWpsOOB بقيم معاملات غير عادية
- تنبيهات تنفيذ العمليات المريبة على أجهزة التوجيه
- تتبع محاولات المصادقة الفاشلة والوصول الإداري غير العادي
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.12.6 - Management of Technical Vulnerabilities
ECC 2024 A.14.2 - System Development and Change Management
ECC 2024 A.5.1 - Policies for Information Security
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset Management
SAMA CSF PR.IP-12 - Vulnerability Management
SAMA CSF DE.CM-8 - Vulnerability Scans
SAMA CSF RS.MI-2 - Incident Response and Recovery
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Vulnerability Management
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities
ISO 27001:2022 A.14.2 - System Development and Change Management
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patch Management
PCI DSS 11.2 - Vulnerability Scanning
🔗 References & Sources 5
🔗
https://lavender-bicycle-a5a.notion.site/Tenda_AC5_WifiWpsOOB_index-32053a41781f8096a9b...
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/?ctiid.353656
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.353656
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.777393
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:ac5_firmware:15.03.06.47