📄 Description (English)
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
🤖 AI Executive Summary
A critical buffer overflow vulnerability exists in Tenda HG10 router's Boa web service that allows remote code execution through the formRoute function. The vulnerability affects the nextHop parameter in /boaform/formRouting, enabling unauthenticated attackers to execute arbitrary code on affected devices. With CVSS 8.8 severity and no patch currently available, this poses immediate risk to organizations using Tenda HG10 routers as network gateways.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 12:48
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain), government agencies using Tenda equipment for network connectivity, and financial institutions relying on these routers for branch connectivity. ISPs and data centers in Saudi Arabia utilizing Tenda HG10 as edge devices face potential network compromise. The lack of authentication requirement makes this particularly dangerous for organizations with internet-facing Tenda devices. Critical impact on ARAMCO and other energy sector organizations if these routers are deployed in operational networks.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government and Public Administration
Banking and Financial Services
Energy and Utilities (ARAMCO)
Healthcare
Data Centers and ISPs
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda HG10 devices in your network using network scanning tools (nmap, Shodan queries)
2. Isolate affected devices from critical network segments if possible
3. Implement network-level access controls restricting access to /boaform/formRouting endpoint
4. Monitor for exploitation attempts using IDS/IPS signatures
COMPENSATING CONTROLS (until patch available):
5. Deploy WAF rules blocking requests to /boaform/formRouting with suspicious nextHop parameters
6. Implement rate limiting on the vulnerable endpoint
7. Restrict administrative access to router management interfaces to trusted IPs only
8. Enable logging on all router access attempts
9. Consider replacing Tenda HG10 with alternative vendors (Cisco, Juniper, Huawei) in critical deployments
DETECTION RULES:
- Monitor for POST requests to /boaform/formRouting with nextHop parameter containing buffer overflow patterns (long strings, special characters)
- Alert on any successful code execution indicators following router access
- Track firmware version to identify HG7_HG9_HG10re_300001138_en_xpon installations
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda HG10 في شبكتك باستخدام أدوات المسح (nmap، استعلامات Shodan)
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة إن أمكن
3. تطبيق ضوابط الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة نهاية /boaform/formRouting
4. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS
الضوابط البديلة (حتى توفر التصحيح):
5. نشر قواعد WAF لحجب الطلبات إلى /boaform/formRouting مع معاملات nextHop المريبة
6. تطبيق تحديد معدل على نقطة النهاية الضعيفة
7. تقييد الوصول الإداري لواجهات إدارة الموجه إلى عناوين IP موثوقة فقط
8. تفعيل تسجيل جميع محاولات الوصول إلى الموجه
9. النظر في استبدال Tenda HG10 بموردين بدائل (Cisco، Juniper، Huawei) في النشرات الحرجة
قواعد الكشف:
- مراقبة طلبات POST إلى /boaform/formRouting مع معامل nextHop يحتوي على أنماط تجاوز المخزن المؤقت
- تنبيه عند أي مؤشرات تنفيذ أكواد ناجحة بعد الوصول إلى الموجه
- تتبع إصدار البرنامج الثابت لتحديد تثبيتات HG7_HG9_HG10re_300001138_en_xpon
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring of systems and applications
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - Security patch management
DE.CM-1 - Detection and analysis of anomalies
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development and change management
A.12.2.1 - Monitoring of information systems
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches must be installed
Requirement 11.2 - Vulnerability scanning and remediation
🔗 References & Sources 5
🔗
https://github.com/xyh4ck/iot_poc/blob/main/Tenda/HG10/01_Buffer_Overflow_nextHop/READM...
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/796427
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359540
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359540/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:hg10_firmware:300001138