CVE-2021-45391 – A buffer overflow vulnerability in Tenda AX12 r... (How to Fix)

📋 TL;DR

A buffer overflow vulnerability in Tenda AX12 routers allows attackers to cause denial of service by sending specially crafted requests to the httpd service. This affects Tenda AX12 router users running vulnerable firmware version V22.03.01.21_CN. The vulnerability is triggered via the conType parameter in the setIPv6Status function.

💻 Affected Systems

Products:

Tenda Router AX12

Versions: V22.03.01.21_CN

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific Chinese firmware version mentioned. Other regional variants or versions may not be vulnerable.

📦 What is this software?

Ax12 Firmware by Tenda

View all CVEs affecting Ax12 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potential for remote code execution if buffer overflow can be controlled to execute arbitrary code.

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, disrupting network connectivity for all connected devices.

🟢

If Mitigated

Limited to denial of service if proper input validation prevents code execution, but still causes service disruption.

🌐 Internet-Facing: HIGH - The vulnerable httpd service is typically exposed to WAN/LAN interfaces, making routers directly accessible from the internet vulnerable to remote attacks.

🏢 Internal Only: MEDIUM - Internal network attackers can exploit this, but requires network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code exists in GitHub repositories. The vulnerability requires no authentication and has simple exploitation requirements.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official advisory found

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for AX12
3. Access router admin interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Wait for router to reboot

🔧 Temporary Workarounds

Disable IPv6 functionality

all

Disable IPv6 features to prevent access to the vulnerable setIPv6Status function

Access router admin interface -> Network Settings -> IPv6 -> Disable

Restrict management interface access

all

Limit access to router's web management interface to trusted IP addresses only

Access router admin interface -> Security -> Access Control -> Add trusted IP ranges

🧯 If You Can't Patch

Replace vulnerable router with different model or manufacturer
Place router behind additional firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly V22.03.01.21_CN, the device is vulnerable.

Check Version:

Access router web interface at 192.168.0.1 or 192.168.1.1, navigate to System Status or About page

Verify Fix Applied:

After firmware update, verify version has changed from V22.03.01.21_CN. Test by attempting to access the vulnerable endpoint.

📡 Detection & Monitoring

Log Indicators:

Multiple failed HTTP requests to /goform/setIPv6Status
Router crash/reboot logs
Unusual conType parameter values in httpd logs

Network Indicators:

HTTP POST requests to /goform/setIPv6Status with malformed conType parameter
Sudden loss of router connectivity

SIEM Query:

http.url:"/goform/setIPv6Status" AND http.method:POST AND (http.param.conType:* OR http.body:*conType*)

📊 Metadata

CVE ID: CVE-2021-45391

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: February 16, 2022

Last Updated: November 21, 2024

🔗 References

http://tendawifi.com/index.html Broken Link
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/1 Exploit,Third Party Advisory
https://www.tenda.com.cn/ Vendor Advisory
https://www.tenda.com.cn/product/AX12.html Product,Vendor Advisory
http://tendawifi.com/index.html Broken Link
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/1 Exploit,Third Party Advisory
https://www.tenda.com.cn/ Vendor Advisory
https://www.tenda.com.cn/product/AX12.html Product,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45391, you might also want to check these: