📄 Description (English)
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
🤖 AI Executive Summary
A critical buffer overflow vulnerability exists in Tenda F456 router firmware version 1.0.0.5 affecting the WrlExtraSet HTTP endpoint. The flaw allows remote attackers to execute arbitrary code by manipulating the 'Go' parameter without authentication. With published exploits available and no patch released, this poses an immediate threat to organizations using this widely-deployed consumer/SMB router model.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 21:43
🇸🇦 Saudi Arabia Impact Assessment
High impact for Saudi organizations: (1) Banking/SAMA-regulated entities using Tenda routers in branch networks or as edge devices face remote code execution risks compromising network integrity; (2) Government/NCA agencies with legacy network infrastructure may have these devices in critical access points; (3) Healthcare facilities (MOH) using these routers for network segmentation could experience patient data exposure; (4) Telecom providers (STC, Mobily) and ISPs may have customer-facing or internal deployments; (5) Energy sector (ARAMCO, SEC) operational technology networks could be compromised if these routers are used in SCADA/ICS environments; (6) SMBs and retail chains across Saudi Arabia represent the largest exposure vector.
🏢 Affected Saudi Sectors
Banking and Financial Services (SAMA-regulated)
Government and Public Administration (NCA oversight)
Healthcare (MOH facilities)
Telecommunications (STC, Mobily, Zain)
Energy and Utilities (ARAMCO, SEC)
Retail and E-commerce
Small and Medium Businesses (SMBs)
Education (Universities and Schools)
🎯 MITRE ATT&CK Techniques
T1190 - Exploit Public-Facing Application (remote exploitation of WrlExtraSet endpoint)
T1068 - Exploitation for Privilege Escalation (buffer overflow leading to code execution)
T1543 - Create or Modify System Process (potential persistence through router compromise)
T1021 - Remote Services (lateral movement from compromised router)
T1040 - Traffic Capture or Redirection (network traffic interception from router)
T1557 - Man-in-the-Middle (ARP spoofing/DNS hijacking from compromised router)
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda F456 devices running firmware 1.0.0.5 in your network using network scanning tools (nmap, Shodan queries)
2. Isolate affected devices from critical networks immediately if they cannot be replaced
3. Disable remote management features and restrict HTTP/HTTPS access to trusted IPs only
4. Change default credentials on all Tenda devices (admin/admin)
PATCHING GUIDANCE:
1. Check Tenda support portal for firmware updates beyond 1.0.0.5
2. If no patch available, plan replacement with alternative router models from vendors with active security support
3. Do not deploy new Tenda F456 devices until patch is released
COMPENSATING CONTROLS:
1. Deploy WAF/IPS rules blocking POST requests to /goform/WrlExtraSet endpoint
2. Implement network segmentation isolating router management interfaces
3. Monitor for suspicious HTTP requests with 'Go' parameter manipulation
4. Enable logging on all HTTP requests to router management interface
5. Deploy intrusion detection signatures for buffer overflow attempts
DETECTION RULES:
1. Alert on POST requests to /goform/WrlExtraSet with oversized 'Go' parameter values (>256 bytes)
2. Monitor for HTTP 500 errors or unexpected router reboots following WrlExtraSet requests
3. Track failed authentication attempts to router management interface
4. Detect unusual process execution from httpd process on router
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda F456 التي تعمل بالإصدار 1.0.0.5 في شبكتك باستخدام أدوات المسح (nmap, Shodan)
2. عزل الأجهزة المتأثرة عن الشبكات الحرجة فوراً إذا لم يكن بالإمكان استبدالها
3. تعطيل ميزات الإدارة البعيدة وتقييد الوصول HTTP/HTTPS للعناوين الموثوقة فقط
4. تغيير بيانات الاعتماد الافتراضية على جميع أجهزة Tenda
إرشادات التصحيح:
1. التحقق من بوابة دعم Tenda للحصول على تحديثات البرنامج الثابت بعد الإصدار 1.0.0.5
2. إذا لم يكن هناك تصحيح متاح، خطط لاستبدال الجهاز بنماذج بديلة من موردين لديهم دعم أمان نشط
3. عدم نشر أجهزة Tenda F456 جديدة حتى يتم إصدار التصحيح
الضوابط البديلة:
1. نشر قواعد WAF/IPS لحجب طلبات POST إلى نقطة النهاية /goform/WrlExtraSet
2. تنفيذ تقسيم الشبكة لعزل واجهات إدارة جهاز التوجيه
3. مراقبة طلبات HTTP المريبة مع التلاعب بمعامل 'Go'
4. تفعيل السجلات على جميع طلبات HTTP لواجهة إدارة جهاز التوجيه
5. نشر توقيعات كشف الاختراق لمحاولات تجاوز المخزن المؤقت
قواعد الكشف:
1. تنبيه على طلبات POST إلى /goform/WrlExtraSet بقيم معامل 'Go' كبيرة الحجم (>256 بايت)
2. مراقبة أخطاء HTTP 500 أو إعادة تشغيل جهاز التوجيه غير المتوقعة
3. تتبع محاولات المصادقة الفاشلة لواجهة إدارة جهاز التوجيه
4. كشف تنفيذ العمليات غير العادية من عملية httpd
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management (inventory and control of network devices)
ECC 2024 A.12.6 - Change Management (patch management procedures)
ECC 2024 A.14.2 - System Development and Maintenance (secure development practices)
ECC 2024 A.16.1 - Information Security Incident Management (detection and response)
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management (inventory of critical network infrastructure)
SAMA CSF PR.IP-3 - Configuration Management (secure configuration baselines)
SAMA CSF DE.CM-1 - Detection and Analysis (monitoring for anomalies)
SAMA CSF RS.MI-1 - Incident Response (mitigation of active threats)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Addressing information security in supplier relationships
ISO 27001:2022 A.8.1 - Asset management and inventory
ISO 27001:2022 A.8.2 - Information classification and handling
ISO 27001:2022 A.12.6 - Change management procedures
ISO 27001:2022 A.14.2 - System development security requirements
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall configuration standards
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.2 - Vulnerability scanning and remediation
🔗 References & Sources 5
🔗
https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_134/README.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/798465
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359657
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359657/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:f456_firmware:1.0.0.5