A critical remote code execution vulnerability has been identified in multiple Tenda networking products. The flaw allows a remote, unauthenticated attacker to take complete control of an affected device by sending a specially crafted request. Due to the public availability of an exploit, this vulnerability poses a severe and immediate threat to network security, potentially leading to data breaches and further network compromise.

The vulnerability is a stack-based buffer overflow within the HTTP Request Handler component of the device's firmware. An unauthenticated remote attacker can exploit this by sending a crafted HTTP request to the /goform/DhcpListClient endpoint. By providing an overly long string in the page argument of this request, the attacker can overwrite the program's stack, enabling the execution of arbitrary code with the privileges of the device's web server process, typically root.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain full administrative control over the affected network device. This could lead to severe consequences, including interception and theft of network traffic, unauthorized access to the internal network (pivoting), disruption of internet connectivity, and the use of the compromised device in botnet attacks. The risk to data confidentiality, integrity, and availability is exceptionally high.

Immediate Action: Update affected Tenda products to the latest firmware version as recommended by the vendor. This is the most effective way to mitigate the vulnerability.

Proactive Monitoring: Monitor web server access logs for any requests to the /goform/DhcpListClient endpoint, specifically looking for requests with unusually long values for the page parameter. Monitor network traffic for any anomalous outbound connections from Tenda devices, which could indicate a successful compromise and command-and-control communication.

Compensating Controls: If patching cannot be performed immediately, restrict access to the device's web management interface from the internet and other untrusted networks. If available, deploy Web Application Firewall (WAF) rules to block malicious requests targeting the vulnerable endpoint.

Public Exploit Available: true

Given the critical 9.8 CVSS score, the remote and unauthenticated nature of the vulnerability, and the confirmed availability of a public exploit, immediate remediation is strongly advised. Organizations must prioritize applying the vendor-supplied firmware updates to all affected Tenda devices without delay. Until patches are applied, implement compensating controls and enhance monitoring to detect potential exploitation attempts against internet-facing devices.