📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global phishing Financial Services, Technology, Multiple Sectors CRITICAL 1h Global insider Education HIGH 19h Global supply_chain Software Development and Technology HIGH 1d Global apt Government/Critical Infrastructure CRITICAL 1d Global vulnerability Enterprise Software / Data Analytics CRITICAL 1d Global vulnerability Artificial Intelligence and Technology HIGH 1d Global general Technology and Artificial Intelligence MEDIUM 1d Global general Technology and Artificial Intelligence HIGH 1d Global vulnerability Higher Education CRITICAL 1d Global data_breach Government HIGH 1d Global phishing Financial Services, Technology, Multiple Sectors CRITICAL 1h Global insider Education HIGH 19h Global supply_chain Software Development and Technology HIGH 1d Global apt Government/Critical Infrastructure CRITICAL 1d Global vulnerability Enterprise Software / Data Analytics CRITICAL 1d Global vulnerability Artificial Intelligence and Technology HIGH 1d Global general Technology and Artificial Intelligence MEDIUM 1d Global general Technology and Artificial Intelligence HIGH 1d Global vulnerability Higher Education CRITICAL 1d Global data_breach Government HIGH 1d Global phishing Financial Services, Technology, Multiple Sectors CRITICAL 1h Global insider Education HIGH 19h Global supply_chain Software Development and Technology HIGH 1d Global apt Government/Critical Infrastructure CRITICAL 1d Global vulnerability Enterprise Software / Data Analytics CRITICAL 1d Global vulnerability Artificial Intelligence and Technology HIGH 1d Global general Technology and Artificial Intelligence MEDIUM 1d Global general Technology and Artificial Intelligence HIGH 1d Global vulnerability Higher Education CRITICAL 1d Global data_breach Government HIGH 1d
Vulnerabilities

CVE-2026-6121

High
CWE-119 — Weakness Type
Published: Apr 12, 2026  ·  Modified: Apr 19, 2026  ·  Source: NVD
CVSS v3
8.8
🔗 NVD Official
📄 Description (English)

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

🤖 AI Executive Summary

A critical stack-based buffer overflow vulnerability exists in Tenda F451 router firmware (version 1.0.0.7) affecting the WrlclientSet HTTP handler. The flaw allows remote attackers to execute arbitrary code by sending specially crafted requests with oversized GO parameters. With CVSS 8.8 and published exploit details, this poses immediate risk to organizations using Tenda routers for network access and perimeter security.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 02:50
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations across multiple sectors face significant risk: Government agencies and NCA infrastructure using Tenda routers for network segmentation; Banking sector (SAMA-regulated institutions) relying on Tenda devices for branch connectivity and VPN termination; Telecom operators (STC, Mobily, Zain) using Tenda equipment in enterprise networks; Healthcare facilities using these routers for medical device network isolation; Energy sector (ARAMCO, utilities) deploying Tenda in operational technology networks. The lack of available patches creates persistent vulnerability exposure.
🏢 Affected Saudi Sectors
Government Banking Telecommunications Healthcare Energy Critical Infrastructure
⚖️ Saudi Risk Score (AI)
8.6
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Inventory all Tenda F451 devices running firmware 1.0.0.7 across network infrastructure

2. Isolate affected routers from internet-facing positions; move to internal-only network segments if possible

3. Implement network segmentation to restrict access to WrlclientSet endpoint (/goform/WrlclientSet)

4. Enable detailed logging on affected devices and upstream security appliances



COMPENSATING CONTROLS (until patch available):

5. Deploy WAF/IPS rules blocking HTTP requests with oversized GO parameters to /goform/WrlclientSet

6. Implement strict input validation at network perimeter for all traffic to affected routers

7. Restrict administrative access to router management interfaces via VPN/bastion hosts only

8. Monitor for exploitation attempts using IDS signatures detecting stack overflow patterns



DETECTION RULES:

- Alert on POST/GET requests to /goform/WrlclientSet with GO parameter exceeding 256 bytes

- Monitor for unexpected process execution or memory corruption events on router

- Track failed authentication attempts and unusual HTTP status codes from affected devices



LONG-TERM:

9. Evaluate replacement with patched Tenda firmware or alternative vendor solutions

10. Subscribe to Tenda security advisories for patch availability

11. Establish firmware update testing procedures for critical network devices
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. حصر جميع أجهزة Tenda F451 التي تعمل بالإصدار 1.0.0.7 عبر البنية التحتية للشبكة

2. عزل الأجهزة المتأثرة عن المواضع المواجهة للإنترنت؛ نقلها إلى قطاعات الشبكة الداخلية فقط إن أمكن

3. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقطة نهاية WrlclientSet

4. تفعيل السجلات التفصيلية على الأجهزة المتأثرة وأجهزة الأمان العلوية



الضوابط البديلة:

5. نشر قواعد WAF/IPS لحجب طلبات HTTP بمعاملات GO كبيرة الحجم

6. تطبيق التحقق الصارم من صحة المدخلات على محيط الشبكة

7. تقييد الوصول الإداري عبر VPN/bastion hosts فقط

8. مراقبة محاولات الاستغلال باستخدام توقيعات IDS



قواعد الكشف:

- تنبيهات على طلبات POST/GET إلى /goform/WrlclientSet بمعاملات GO تتجاوز 256 بايت

- مراقبة تنفيذ العمليات غير المتوقعة على الجهاز

- تتبع محاولات المصادقة الفاشلة



المدى الطويل:

9. تقييم استبدال الأجهزة بحلول بديلة

10. الاشتراك في تنبيهات أمان Tenda

11. إنشاء إجراءات اختبار تحديثات البرامج الثابتة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of network access
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset management and vulnerability identification SAMA CSF PR.IP-12 - Security patch management SAMA CSF DE.CM-1 - Detection and monitoring of anomalous activity
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Monitoring and logging ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Secure development and change management
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates PCI DSS 11.2 - Vulnerability scanning and assessment
📊 CVSS Score
8.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score8.8
CWECWE-119
EPSS0.05%
Exploit No
Patch ✗ No
Published 2026-04-12
Source Feed nvd
Views 4
🇸🇦 Saudi Risk Score
8.6
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-119
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.