A critical memory corruption vulnerability has been identified in multiple Tenda networking products. An attacker can remotely exploit this flaw by sending a specially crafted request to the device's web interface, potentially allowing them to execute arbitrary code and gain complete control over the affected device.

This is a memory corruption vulnerability within the formSafeEmailFilter function, accessible via the /goform/SafeEmailFilter web endpoint. An unauthenticated remote attacker can trigger this vulnerability by sending a malicious web request that includes a specially manipulated page argument. The improper handling of this argument by the function leads to a memory corruption condition, which can be leveraged by an attacker to cause a denial-of-service or, more critically, achieve arbitrary code execution on the device.

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected Tenda networking devices. An attacker gaining control of these devices could intercept sensitive network traffic, pivot to attack other systems on the internal network, disrupt network availability, or incorporate the devices into a botnet for use in larger-scale attacks. The potential for remote, unauthenticated exploitation significantly increases the likelihood of an attack.

Immediate Action: Update A vulnerability was found in Tenda Multiple Products to the latest version. After applying the patch, it is essential to monitor for any subsequent exploitation attempts and review access logs for any suspicious activity that may have occurred prior to the update.

Proactive Monitoring: Monitor web server logs for unusual or malformed requests to the /goform/SafeEmailFilter endpoint, paying close attention to the page argument. Network monitoring should be configured to detect unexpected outbound connections or traffic patterns originating from the Tenda devices. Watch for unexplained system reboots or crashes, which could indicate exploitation attempts.

Compensating Controls: If immediate patching is not feasible, restrict access to the device's web administration interface to a dedicated and trusted management network. If exposed to the internet, place the device behind a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with signatures designed to detect and block attempts to exploit this vulnerability.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for complete system compromise, this vulnerability requires immediate attention. Organizations must prioritize the identification and patching of all affected Tenda devices. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion and indicates a high risk of exploitation. If patching cannot be performed immediately, the compensating controls listed above must be implemented as a matter of urgency to reduce the attack surface.