📄 Description (English)
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
🤖 AI Executive Summary
A critical buffer overflow vulnerability exists in Tenda F456 router firmware version 1.0.0.5 affecting the httpd component's webExcptypemanFilter function. The vulnerability allows remote attackers to execute arbitrary code through manipulation of the 'page' parameter, with public exploits already available. This poses an immediate threat to organizations using this router model for network infrastructure.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 21:42
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain), government agencies, and enterprise networks utilizing Tenda F456 routers. Banking sector organizations and ARAMCO facilities using these routers for network segmentation face potential compromise of critical systems. Healthcare institutions and SAMA-regulated entities could experience service disruption and data breach. The lack of available patches makes this a critical concern for Saudi SOCs and network administrators.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government and Public Administration
Banking and Financial Services
Energy and Utilities (ARAMCO)
Healthcare
Education
Enterprise Networks
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda F456 devices running firmware 1.0.0.5 in your network using network scanning tools
2. Isolate affected devices from critical network segments if possible
3. Implement network-level access controls to restrict access to the httpd service (port 80/443)
4. Monitor for exploitation attempts using IDS/IPS signatures
PATCHING GUIDANCE:
1. Check Tenda's official website for firmware updates beyond 1.0.0.5
2. If updates available, schedule immediate patching during maintenance windows
3. Test patches in isolated lab environment before production deployment
COMPENSATING CONTROLS (if no patch available):
1. Deploy WAF rules to block requests containing suspicious 'page' parameter values
2. Implement strict input validation and length restrictions at network boundary
3. Restrict administrative access to router management interfaces
4. Disable remote management capabilities if not required
5. Place routers behind additional firewall/proxy layer
DETECTION RULES:
1. Monitor for HTTP requests to /goform/webExcptypemanFilter with oversized 'page' parameters
2. Alert on any httpd process crashes or unexpected restarts
3. Track failed authentication attempts to router management interface
4. Monitor for unusual outbound connections from router IP addresses
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda F456 التي تعمل بالإصدار 1.0.0.5 في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة إن أمكن
3. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى خدمة httpd
4. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS
إرشادات التصحيح:
1. التحقق من موقع Tenda الرسمي للحصول على تحديثات البرامج الثابتة
2. إذا كانت التحديثات متاحة، جدولة التصحيح الفوري
3. اختبار التحديثات في بيئة معزولة قبل النشر
عناصر التحكم البديلة:
1. نشر قواعد WAF لحجب الطلبات التي تحتوي على قيم معامل 'page' مريبة
2. تطبيق التحقق الصارم من المدخلات على حدود الشبكة
3. تقييد الوصول الإداري إلى واجهات إدارة جهاز التوجيه
4. تعطيل إمكانيات الإدارة البعيدة إذا لم تكن مطلوبة
5. وضع أجهزة التوجيه خلف طبقة جدار حماية إضافية
قواعد الكشف:
1. مراقبة طلبات HTTP إلى /goform/webExcptypemanFilter بمعاملات 'page' كبيرة الحجم
2. تنبيهات عند توقف عملية httpd أو إعادة تشغيل غير متوقعة
3. تتبع محاولات المصادقة الفاشلة لواجهة إدارة جهاز التوجيه
4. مراقبة الاتصالات الخارجية غير العادية من عناوين IP جهاز التوجيه
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.12.6 - Change Management
ECC 2024 A.14.2 - System Development and Maintenance
ECC 2024 A.5.2 - Information Security Policies and Procedures
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Physical Devices and Software Assets
SAMA CSF PR.IP-3 - Configuration Change Management
SAMA CSF DE.CM-1 - Network Monitoring
SAMA CSF RS.MI-1 - Incident Response Planning
🟡 ISO 27001:2022
ISO 27001:2022 A.5.23 - Information Security for Supplier Relationships
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.8.2 - Configuration Management
ISO 27001:2022 A.12.6 - Change Management
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 11.2 - Vulnerability Scanning
🔗 References & Sources 5
🔗
https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_135/README.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/798470
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359672
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/359672/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:f456_firmware:1.0.0.5