A critical vulnerability has been identified in multiple Tenda networking products, carrying a CVSS score of 9.8 out of 10. This flaw allows a remote, unauthenticated attacker to execute arbitrary code and gain complete control over an affected device by sending a specially crafted HTTP request. Successful exploitation could lead to a total compromise of the network's security, enabling data theft, traffic interception, and further attacks on the internal network.

This vulnerability is a command injection or buffer overflow flaw within the HTTP Request Handler component. A remote, unauthenticated attacker can send a malicious HTTP POST request to the /goform/AdvSetMacMtuWa endpoint. The parameters within this request are improperly validated by the check_param_changed function, allowing the attacker to inject and execute arbitrary system commands with root-level privileges on the device.

This vulnerability is of critical severity with a CVSS score of 9.8. Exploitation could have a severe business impact, as it allows a complete takeover of the network device. Potential consequences include the ability for an attacker to monitor, redirect, or block all network traffic, compromising data confidentiality and availability. The compromised device could be used as a pivot point to attack other systems on the internal network, exfiltrate sensitive data, or be enrolled in a botnet for use in larger-scale attacks like Distributed Denial-of-Service (DDoS).

Immediate Action: Update A vulnerability was found in Tenda Multiple Products to the latest version. This involves downloading and applying the latest firmware patch provided by the vendor to all affected devices immediately. After patching, monitor for any signs of exploitation and review historical access logs for suspicious activity targeting the vulnerable endpoint.

Proactive Monitoring: Security teams should actively monitor network traffic for anomalous requests to the /goform/AdvSetMacMtuWa web endpoint. Review web server and firewall logs for connections from untrusted IP addresses attempting to access this path. Monitor devices for unexpected reboots, configuration changes, or unusual outbound traffic which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, disable remote (WAN) management of the device's web interface to prevent external attackers from reaching the vulnerable component. If remote access is required, restrict it using a firewall and strict Access Control Lists (ACLs) to only allow connections from trusted IP addresses. Deploying an Intrusion Prevention System (IPS) with signatures capable of detecting command injection attempts can also help mitigate risk.

Public Exploit Available: false

Due to the critical severity (CVSS 9.8) of this vulnerability and the high likelihood of future exploitation, we strongly recommend that organizations prioritize the immediate patching of all affected Tenda devices. While this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for inclusion. As a fundamental security best practice, organizations should ensure that the web administration interface of network devices is never exposed to the public internet.