📄 Description (English)
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
🤖 AI Executive Summary
A critical remote buffer overflow vulnerability exists in Tenda F456 router firmware version 1.0.0.5 affecting the P2pListFilter function. The vulnerability allows unauthenticated remote attackers to execute arbitrary code by manipulating the 'manufacturer/Go' parameter. With a CVSS score of 8.8 and publicly available exploit code, this poses an immediate threat to organizations using this router model for network infrastructure.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 12:49
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations, particularly: (1) Government agencies and NCA infrastructure using Tenda routers for network connectivity; (2) Banking sector (SAMA-regulated institutions) if these routers are deployed in branch networks or remote access infrastructure; (3) Telecommunications providers (STC, Mobily, Zain) using Tenda equipment in network infrastructure; (4) Healthcare facilities relying on these routers for medical device connectivity; (5) Energy sector (ARAMCO and related entities) if deployed in operational technology networks. The lack of authentication requirement and remote exploitability make this particularly dangerous for critical infrastructure.
🏢 Affected Saudi Sectors
Government and Public Administration
Banking and Financial Services
Telecommunications
Healthcare
Energy and Utilities
Critical Infrastructure
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda F456 devices running firmware version 1.0.0.5 in your network using network scanning tools
2. Isolate affected devices from critical network segments if possible
3. Implement network-level access controls to restrict access to the /goform/P2pListFilter endpoint
4. Monitor for exploitation attempts using IDS/IPS signatures
PATCHING GUIDANCE:
1. Check Tenda's official website for firmware updates beyond version 1.0.0.5
2. If no patch is available, consider replacing the device with alternative router models from vendors with active security support
3. If replacement is not immediately possible, implement compensating controls
COMPENSATING CONTROLS:
1. Deploy Web Application Firewall (WAF) rules to block requests to /goform/P2pListFilter containing 'manufacturer' or 'Go' parameters
2. Restrict administrative access to router management interfaces to trusted IP ranges only
3. Implement network segmentation to limit lateral movement if device is compromised
4. Enable detailed logging on affected devices and forward logs to SIEM
DETECTION RULES:
1. Monitor for HTTP POST requests to /goform/P2pListFilter with 'manufacturer' or 'Go' parameters
2. Alert on any process execution originating from Tenda router processes
3. Monitor for unusual outbound connections from router IP addresses
4. Track failed and successful authentication attempts to router management interface
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda F456 التي تعمل بالإصدار 1.0.0.5 في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إن أمكن
3. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة النهاية /goform/P2pListFilter
4. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS
إرشادات التصحيح:
1. تحقق من موقع Tenda الرسمي للحصول على تحديثات البرامج الثابتة بعد الإصدار 1.0.0.5
2. إذا لم يكن هناك تصحيح متاح، فكر في استبدال الجهاز بنماذج موجهات بديلة من البائعين الذين يقدمون دعماً أمنياً نشطاً
3. إذا لم يكن الاستبدال ممكناً على الفور، قم بتطبيق عناصر تحكم تعويضية
عناصر التحكم التعويضية:
1. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحظر الطلبات إلى /goform/P2pListFilter التي تحتوي على معاملات 'manufacturer' أو 'Go'
2. تقييد الوصول الإداري إلى واجهات إدارة الموجه على نطاقات عناوين IP موثوقة فقط
3. تطبيق تقسيم الشبكة لتحديد الحركة الجانبية في حالة اختراق الجهاز
4. تفعيل التسجيل التفصيلي على الأجهزة المتأثرة وإعادة توجيه السجلات إلى SIEM
قواعد الكشف:
1. مراقبة طلبات HTTP POST إلى /goform/P2pListFilter مع معاملات 'manufacturer' أو 'Go'
2. تنبيه عند تنفيذ أي عملية من عمليات موجه Tenda
3. مراقبة الاتصالات الخارجية غير العادية من عناوين IP الموجه
4. تتبع محاولات المصادقة الفاشلة والناجحة لواجهة إدارة الموجه
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Network security controls and perimeter defense
ECC 2024 A.5.2.1 - Access control and authentication mechanisms
ECC 2024 A.6.2.1 - Vulnerability management and patch management
ECC 2024 A.8.2.3 - Monitoring and detection of security incidents
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset management and inventory
SAMA CSF PR.AC-1 - Access control policies and procedures
SAMA CSF PR.IP-12 - Software development and security practices
SAMA CSF DE.CM-1 - Detection and monitoring capabilities
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for information security
ISO 27001:2022 A.8.1 - User endpoint devices
ISO 27001:2022 A.8.2 - Privileged access rights
ISO 27001:2022 A.8.6 - Access control to information
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall configuration standards
PCI DSS 2.1 - Default security parameters
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.3 - Penetration testing and vulnerability scanning
🔗 References & Sources 5
🔗
https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_118/README.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/797473
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359598
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359598/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:f456_firmware:1.0.0.5