Vulnerabilities ›

CVE-2026-5990

High

CWE-119 — Weakness Type

                    Published: Apr 10, 2026                      ·  Modified: Apr 16, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

🤖 AI Executive Summary

CVE-2026-5990 is a critical stack-based buffer overflow vulnerability in Tenda F451 router firmware (version 1.0.0.7) affecting the SafeEmailFilter function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the 'page' parameter, with a CVSS score of 8.8. No patch is currently available, making immediate mitigation essential for affected organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 12:06

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi organizations using Tenda F451 routers as network perimeter devices. Primary impact sectors include: Banking and Financial Services (SAMA-regulated institutions using these routers for branch connectivity), Government agencies (NCA oversight), Healthcare facilities (MOH), Telecommunications providers (STC, Mobily), and Energy sector (ARAMCO subsidiaries). The vulnerability enables complete device compromise, potential lateral movement into internal networks, and data exfiltration. SMEs and small government offices commonly deploy Tenda routers, making them high-value targets for threat actors.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Small and Medium Enterprises

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1543 - Create or Modify System Process T1059 - Command and Scripting Interpreter T1570 - Lateral Tool Transfer

⚖️ Saudi Risk Score (AI)

8.9

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Tenda F451 devices running firmware 1.0.0.7 in your network using network scanning tools

2. Isolate affected devices from critical network segments if possible

3. Implement network-level access controls restricting access to the /goform/SafeEmailFilter endpoint

4. Monitor for exploitation attempts using IDS/IPS signatures



COMPENSATING CONTROLS (until patch available):

5. Disable SafeEmailFilter functionality if not operationally required

6. Implement WAF rules blocking requests with suspicious 'page' parameter values (length > 256 bytes)

7. Restrict administrative access to router management interfaces to trusted IPs only

8. Enable router logging and forward logs to SIEM for analysis

9. Consider replacing affected devices with alternative vendors (Cisco, Fortinet, Ubiquiti)



DETECTION RULES:

- Monitor for POST requests to /goform/SafeEmailFilter with oversized 'page' parameters

- Alert on unexpected process execution from router processes

- Track firmware version changes and unauthorized configuration modifications

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Tenda F451 التي تعمل بالإصدار 1.0.0.7 في شبكتك باستخدام أدوات المسح

2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إن أمكن

3. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة النهاية /goform/SafeEmailFilter

4. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS

عناصر التحكم التعويضية (حتى توفر التصحيح):

5. تعطيل وظيفة SafeEmailFilter إذا لم تكن مطلوبة تشغيلياً

6. تطبيق قواعد WAF لحجب الطلبات ذات قيم معامل 'page' المريبة (الطول > 256 بايت)

7. تقييد الوصول الإداري إلى واجهات إدارة الموجه على عناوين IP موثوقة فقط

8. تفعيل تسجيل الموجه وإعادة توجيه السجلات إلى SIEM للتحليل

9. النظر في استبدال الأجهزة المتأثرة بموردين بدائل (Cisco, Fortinet, Ubiquiti)

قواعد الكشف:

- مراقبة طلبات POST إلى /goform/SafeEmailFilter مع معاملات 'page' كبيرة الحجم

- تنبيهات على تنفيذ العمليات غير المتوقعة من عمليات الموجه

- تتبع تغييرات إصدار البرنامج الثابت والتعديلات غير المصرح بها على الإعدادات

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of network activities

🔵 SAMA CSF

ID.RA-1 - Asset management and vulnerability identification PR.PT-2 - Protective technology deployment DE.CM-1 - Detection and analysis of anomalies

🟡 ISO 27001:2022

A.12.2.1 - Monitoring and logging A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development and change management

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning

🔗 References & Sources 5

🔗

https://github.com/Jimi-Lab/cve/issues/8

cna@vuldb.com

🔗

https://vuldb.com/submit/792861

cna@vuldb.com

🔗

https://vuldb.com/vuln/356544

cna@vuldb.com

🔗

https://vuldb.com/vuln/356544/cti

cna@vuldb.com

🔗

https://www.tenda.com.cn/

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-10

Source Feed nvd

🇸🇦 Saudi Risk Score

8.9

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5990

💬 Comments

Introduce Yourself

Sign In Required