Vulnerabilities ›

CVE-2026-9389

High

CWE-119 — Weakness Type

                    Published: May 24, 2026                      ·  Modified: May 31, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

🤖 AI Executive Summary

A critical buffer overflow vulnerability exists in Tenda F456 router firmware version 1.0.0.5 affecting the L7Im form handler. The vulnerability allows remote attackers to execute arbitrary code by manipulating the 'page' parameter, with a CVSS score of 8.8. No patch is currently available, making immediate mitigation essential for affected organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 27, 2026 17:41

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain), government networks (NCA, CITC), and enterprise networks using Tenda F456 routers as edge devices. Banking sector (SAMA-regulated institutions) and critical infrastructure operators (ARAMCO, SEC) are at risk if these routers are deployed in network perimeters. The remote nature of exploitation and lack of authentication requirements make this particularly dangerous for organizations with internet-facing Tenda devices.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Government (NCA, CITC) Banking (SAMA-regulated institutions) Energy (ARAMCO, SEC) Healthcare Enterprise Networks

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1499 - Endpoint Denial of Service T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interpreter T1543 - Create or Modify System Process

⚖️ Saudi Risk Score (AI)

8.9

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Tenda F456 devices running firmware 1.0.0.5 in your network using network scanning tools

2. Isolate affected devices from internet-facing positions if possible

3. Implement network segmentation to restrict access to L7Im endpoints (/goform/L7Im)

4. Monitor for exploitation attempts using IDS/IPS signatures



COMPENSATING CONTROLS (until patch available):

5. Deploy WAF rules to block requests with suspicious 'page' parameter values

6. Implement strict input validation at network boundary

7. Restrict administrative access to router management interfaces

8. Enable detailed logging on affected devices



DETECTION RULES:

- Monitor HTTP POST requests to /goform/L7Im with oversized 'page' parameters

- Alert on any firmware version 1.0.0.5 devices communicating externally

- Track failed authentication attempts on router management ports



LONG-TERM:

9. Contact Tenda for patch availability timeline

10. Plan replacement or upgrade of affected devices

11. Consider alternative router solutions if Tenda cannot provide timely patches

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Tenda F456 التي تعمل بالإصدار 1.0.0.5 في شبكتك باستخدام أدوات المسح

2. عزل الأجهزة المتأثرة عن المواضع المواجهة للإنترنت إن أمكن

3. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقاط نهاية L7Im

4. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS

الضوابط البديلة (حتى توفر التصحيح):

5. نشر قواعد WAF لحجب الطلبات ذات قيم معامل 'page' المريبة

6. تطبيق التحقق الصارم من المدخلات على حدود الشبكة

7. تقييد الوصول الإداري إلى واجهات إدارة جهاز التوجيه

8. تفعيل السجلات التفصيلية على الأجهزة المتأثرة

قواعد الكشف:

- مراقبة طلبات HTTP POST إلى /goform/L7Im بمعاملات 'page' كبيرة الحجم

- تنبيهات على أجهزة الإصدار 1.0.0.5 التي تتواصل خارجياً

- تتبع محاولات المصادقة الفاشلة على منافذ إدارة جهاز التوجيه

المدى الطويل:

9. التواصل مع Tenda بشأن جدول توفر التصحيح

10. التخطيط لاستبدال أو ترقية الأجهزة المتأثرة

11. النظر في حلول جهاز توجيه بديلة إذا لم تتمكن Tenda من توفير تصحيحات في الوقت المناسب

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of network activities

🔵 SAMA CSF

ID.RA-1 - Asset management and vulnerability identification PR.IP-12 - Security patch management DE.CM-1 - Detection and monitoring of network anomalies

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development and change management A.12.4.1 - Event logging and monitoring

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning

🔗 References & Sources 5

🔗

https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_2/README.md

cna@vuldb.com

🔗

https://vuldb.com/submit/813444

cna@vuldb.com

🔗

https://vuldb.com/vuln/365352

cna@vuldb.com

🔗

https://vuldb.com/vuln/365352/cti

cna@vuldb.com

🔗

https://www.tenda.com.cn/

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-05-24

Source Feed nvd

🇸🇦 Saudi Risk Score

8.9

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9389

Introduce Yourself

Sign In Required