📄 Description (English)
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in Tenda CH22 firmware version 1.0.0.1 affecting the formCreateFileName function. The vulnerability can be exploited remotely without authentication through the fileNameMit parameter, allowing attackers to execute arbitrary code. With public exploits available and no patch currently released, this poses an immediate threat to organizations using affected Tenda networking equipment.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 16:03
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations across multiple sectors: Telecommunications (STC, Mobily, Zain) using Tenda equipment for network infrastructure; Government agencies and NCA utilizing these devices for network management; Banking sector (SAMA-regulated institutions) relying on Tenda routers/switches for network segmentation; Healthcare facilities using Tenda equipment for medical device connectivity; Energy sector (ARAMCO and utilities) employing these devices in operational technology networks. The remote exploitability without authentication makes this particularly dangerous for organizations with internet-facing Tenda devices.
🏢 Affected Saudi Sectors
Telecommunications
Government
Banking
Healthcare
Energy
Education
Retail
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda CH22 devices running firmware 1.0.0.1 in your network using network scanning tools
2. Isolate affected devices from internet-facing networks immediately
3. Restrict access to the /goform/createFileName endpoint using firewall rules
4. Monitor for exploitation attempts using IDS/IPS signatures
PATCHING GUIDANCE:
1. Check Tenda's official website daily for firmware updates
2. When patch becomes available, test in isolated environment before production deployment
3. Maintain inventory of all Tenda devices for coordinated patching
COMPENSATING CONTROLS (until patch available):
1. Implement network segmentation to isolate Tenda devices
2. Deploy WAF rules to block requests to /goform/createFileName with suspicious fileNameMit parameters
3. Restrict administrative access to Tenda devices to trusted IP ranges only
4. Disable remote management features if not required
5. Monitor device logs for unusual file creation activities
DETECTION RULES:
1. Alert on HTTP POST requests to /goform/createFileName with fileNameMit parameter containing special characters or exceeding 256 bytes
2. Monitor for unexpected process execution from Tenda device processes
3. Track failed authentication attempts to device management interfaces
4. Alert on abnormal network traffic patterns from affected devices
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda CH22 التي تعمل بالإصدار 1.0.0.1 في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن الشبكات المتصلة بالإنترنت فوراً
3. تقييد الوصول إلى نقطة النهاية /goform/createFileName باستخدام قواعد جدار الحماية
4. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS
إرشادات التصحيح:
1. التحقق من موقع Tenda الرسمي يومياً للحصول على تحديثات البرنامج الثابت
2. عند توفر التصحيح، اختبره في بيئة معزولة قبل نشره في الإنتاج
3. الحفاظ على جرد لجميع أجهزة Tenda لتنسيق التصحيح
الضوابط البديلة (حتى توفر التصحيح):
1. تنفيذ تقسيم الشبكة لعزل أجهزة Tenda
2. نشر قواعد WAF لحظر الطلبات إلى /goform/createFileName مع معاملات fileNameMit المريبة
3. تقييد الوصول الإداري إلى أجهزة Tenda على نطاقات IP موثوقة فقط
4. تعطيل ميزات الإدارة البعيدة إذا لم تكن مطلوبة
5. مراقبة سجلات الجهاز للأنشطة غير العادية لإنشاء الملفات
قواعد الكشف:
1. تنبيه على طلبات HTTP POST إلى /goform/createFileName مع معامل fileNameMit يحتوي على أحرف خاصة أو يتجاوز 256 بايت
2. مراقبة تنفيذ العمليات غير المتوقعة من عمليات جهاز Tenda
3. تتبع محاولات المصادقة الفاشلة لواجهات إدارة الجهاز
4. تنبيه على أنماط حركة الشبكة غير الطبيعية من الأجهزة المتأثرة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging of access
ECC 2024 A.13.1.3 - Segregation of networks
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - Software, firmware, and information integrity mechanisms
DE.CM-1 - The network is monitored to detect potential cybersecurity events
RS.MI-1 - Incidents are contained
🟡 ISO 27001:2022
A.12.2.1 - Monitoring and logging of access to information and information processing facilities
A.12.6.1 - Management of technical vulnerabilities
A.13.1.3 - Segregation of networks
A.14.2.1 - Secure development policy and procedures
🟣 PCI DSS v4.0.1
Requirement 6.2 - Ensure security patches are installed within defined timeframe
Requirement 11.2 - Run automated vulnerability scans regularly
🔗 References & Sources 5
🔗
https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/780203
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/354184
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/354184/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:ch22_firmware:1.0.0.1