📄 Description (English)
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
🤖 AI Executive Summary
A critical buffer overflow vulnerability exists in Tenda F456 router firmware (version 1.0.0.5) affecting the PPTP user settings function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the 'delno' parameter, with a CVSS score of 8.8. No patch is currently available, making immediate mitigation essential for affected organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 17:09
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain) and government agencies using Tenda routers for network connectivity. Banking sector organizations (SAMA-regulated institutions) utilizing these devices for branch connectivity or VPN access are at elevated risk. Healthcare facilities and energy sector organizations (ARAMCO, SEC) relying on PPTP-enabled routers for remote access face potential data breach and operational disruption. Small and medium enterprises across all sectors using Tenda F456 for network management are particularly vulnerable due to limited security monitoring capabilities.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Banking and Financial Services (SAMA-regulated)
Government and Public Administration (NCA, CITC)
Healthcare
Energy and Utilities (ARAMCO, SEC)
Small and Medium Enterprises
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.5
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify and inventory all Tenda F456 devices running firmware version 1.0.0.5 across your network
2. Disable PPTP functionality immediately if not operationally critical
3. Isolate affected devices from untrusted networks and implement network segmentation
4. Monitor for suspicious PPTP connection attempts and buffer overflow exploitation patterns
COMPENSATING CONTROLS:
1. Implement strict firewall rules blocking external access to port 1723 (PPTP) and HTTP management ports
2. Restrict administrative access to router management interfaces using IP whitelisting
3. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures for buffer overflow attempts
4. Enable detailed logging on affected devices and forward logs to centralized SIEM
5. Consider replacing Tenda F456 with alternative router models from vendors with active security support
6. If replacement not immediately possible, disable HTTP management interface and use only SSH/secure alternatives
DETECTION RULES:
1. Monitor for HTTP POST requests to /goform/PPTPUserSetting with abnormally long 'delno' parameter values
2. Alert on any PPTP connection attempts from external/untrusted sources
3. Track firmware version of all Tenda devices; flag version 1.0.0.5 for immediate action
4. Monitor for unexpected process execution or privilege escalation on router devices
5. Implement network-based detection for buffer overflow attack patterns targeting port 1723
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد وحصر جميع أجهزة Tenda F456 التي تعمل بإصدار البرنامج الثابت 1.0.0.5 عبر شبكتك
2. تعطيل وظيفة PPTP فوراً إذا لم تكن حرجة من الناحية التشغيلية
3. عزل الأجهزة المتأثرة عن الشبكات غير الموثوقة وتطبيق تقسيم الشبكة
4. مراقبة محاولات اتصال PPTP المريبة وأنماط استغلال تجاوز المخزن المؤقت
الضوابط التعويضية:
1. تطبيق قواعد جدار الحماية الصارمة لحجب الوصول الخارجي إلى المنفذ 1723 (PPTP) ومنافذ إدارة HTTP
2. تقييد الوصول الإداري إلى واجهات إدارة جهاز التوجيه باستخدام قائمة بيضاء للعناوين
3. نشر أنظمة كشف/منع الاختراق (IDS/IPS) مع توقيعات لمحاولات تجاوز المخزن المؤقت
4. تفعيل السجلات التفصيلية على الأجهزة المتأثرة وإعادة توجيهها إلى SIEM مركزي
5. النظر في استبدال Tenda F456 بنماذج جهاز توجيه بديلة من بائعين لديهم دعم أمان نشط
6. إذا لم يكن الاستبدال ممكناً فوراً، عطل واجهة إدارة HTTP واستخدم فقط SSH أو بدائل آمنة
قواعد الكشف:
1. مراقبة طلبات HTTP POST إلى /goform/PPTPUserSetting بقيم معامل 'delno' طويلة بشكل غير طبيعي
2. تنبيه على أي محاولات اتصال PPTP من مصادر خارجية/غير موثوقة
3. تتبع إصدار البرنامج الثابت لجميع أجهزة Tenda؛ وضع علامة على الإصدار 1.0.0.5 للإجراء الفوري
4. مراقبة تنفيذ العمليات غير المتوقعة أو تصعيد الامتيازات على أجهزة جهاز التوجيه
5. تطبيق الكشف القائم على الشبكة لأنماط هجمات تجاوز المخزن المؤقت التي تستهدف المنفذ 1723
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.8.2 - Information Security Perimeter
ECC 2024 A.12.6 - Management of Technical Vulnerabilities
ECC 2024 A.14.2 - System Development and Maintenance Security
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset Management
SAMA CSF PR.DS-6 - Data Security and Protection
SAMA CSF DE.CM-1 - Detection and Analysis
SAMA CSF RS.MI-1 - Incident Response and Recovery
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Inventory of Information and Other Assets
ISO 27001:2022 A.8.1 - Screening
ISO 27001:2022 A.8.2 - Information Security Responsibilities
ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities
ISO 27001:2022 A.14.2 - System Development and Maintenance Security
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall Configuration Standards
PCI DSS 2.1 - Default Passwords and Security Parameters
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 11.2 - Vulnerability Scanning
🔗 References & Sources 5
🔗
https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_132/README.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/798463
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359655
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359655/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:f456_firmware:1.0.0.5