📄 Description (English)
A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in Tenda F1202 wireless router firmware version 1.2.0.20(408) affecting the WrlExtraSet function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the 'delno' parameter, with a CVSS score of 8.8. No patch is currently available, making immediate mitigation essential for Saudi organizations relying on this equipment.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 28, 2026 19:03
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain), government networks (NCA, NCSC), and enterprise networks using Tenda F1202 routers as edge devices. Banking sector (SAMA-regulated institutions) and healthcare organizations (MOH) utilizing these routers for network access are at elevated risk. Energy sector (ARAMCO, SEC) networks incorporating this equipment face potential compromise. The public exploit availability increases attack likelihood against critical infrastructure.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government (NCA, NCSC)
Banking (SAMA-regulated institutions)
Healthcare (MOH)
Energy (ARAMCO, SEC)
Enterprise Networks
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify and inventory all Tenda F1202 devices running firmware 1.2.0.20(408) across your network
2. Isolate affected devices from critical network segments if possible
3. Implement network segmentation to restrict access to WrlExtraSet endpoint (/goform/WrlExtraSet)
4. Disable remote management features on affected routers
5. Change default credentials and implement strong authentication
COMPENSATING CONTROLS (until patch available):
6. Deploy WAF/IPS rules to block malicious requests to /goform/WrlExtraSet with suspicious 'delno' parameters
7. Monitor for stack overflow patterns in router logs
8. Implement network-based detection for abnormal traffic to router management interfaces
9. Restrict administrative access to router management interfaces via firewall rules
10. Consider replacing affected devices with patched alternatives from Tenda or alternative vendors
DETECTION RULES:
- Alert on POST requests to /goform/WrlExtraSet with oversized 'delno' parameter values
- Monitor for unexpected process execution on router devices
- Track failed authentication attempts to router management interfaces
- Log all access to WrlExtraSet function for forensic analysis
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد وحصر جميع أجهزة Tenda F1202 التي تعمل بالإصدار 1.2.0.20(408) عبر شبكتك
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إن أمكن
3. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقطة نهاية WrlExtraSet
4. تعطيل ميزات الإدارة البعيدة على أجهزة التوجيه المتأثرة
5. تغيير بيانات الاعتماد الافتراضية وتطبيق المصادقة القوية
الضوابط البديلة (حتى توفر التصحيح):
6. نشر قواعد WAF/IPS لحجب الطلبات الضارة إلى /goform/WrlExtraSet
7. مراقبة أنماط تجاوز المكدس في سجلات جهاز التوجيه
8. تطبيق الكشف على مستوى الشبكة للحركة غير الطبيعية
9. تقييد الوصول الإداري عبر قواعد جدار الحماية
10. استبدال الأجهزة المتأثرة بأجهزة محدثة من Tenda أو بدائل أخرى
قواعد الكشف:
- تنبيهات على طلبات POST إلى /goform/WrlExtraSet بقيم معاملات مريبة
- مراقبة تنفيذ العمليات غير المتوقعة
- تتبع محاولات المصادقة الفاشلة
- تسجيل جميع الوصول للتحليل الجنائي
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Network security and access control
ECC 2024 A.5.2.1 - User access management
ECC 2024 A.5.3.1 - Cryptography and secure communications
ECC 2024 A.6.2.1 - Vulnerability management
ECC 2024 A.6.2.2 - Security patch management
🔵 SAMA CSF
SAMA CSF ID.GV-1 - Organizational cybersecurity policy
SAMA CSF PR.AC-1 - Access control policy
SAMA CSF PR.MA-2 - Address vulnerabilities
SAMA CSF DE.CM-8 - Vulnerability scans
SAMA CSF RS.MI-2 - Incidents are mitigated
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control
ISO 27001:2022 A.8.1 - Asset management
ISO 27001:2022 A.8.2 - Configuration management
ISO 27001:2022 A.8.6 - Management of technical vulnerabilities
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.2 - Vulnerability scanning
PCI DSS 1.1 - Firewall configuration standards
🔗 References & Sources 5