CVE-2021-45401 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2021-45401?

CVE-2021-45401 has a CVSS score of 9.8 (CRITICAL). This CVE describes a command injection vulnerability in Tenda AC10U routers that allows remote attackers to execute arbitrary commands with root privileges. Attackers can exploit this by sending specially crafted requests to the setUsbUnload functionality. All users of affected Tenda AC10U routers with vulnerable firmware are at risk.

📋 TL;DR

This CVE describes a command injection vulnerability in Tenda AC10U routers that allows remote attackers to execute arbitrary commands with root privileges. Attackers can exploit this by sending specially crafted requests to the setUsbUnload functionality. All users of affected Tenda AC10U routers with vulnerable firmware are at risk.

💻 Affected Systems

Products:

Tenda AC10U AC1200 Smart Dual-band Wireless Router

Versions: Firmware V15.03.06.49_multi

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version on the AC10U V1.0 hardware model. The vulnerability is in the web management interface.

📦 What is this software?

Ac10u Firmware by Tendacn

View all CVEs affecting Ac10u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to intercept all network traffic, install persistent malware, pivot to internal networks, and use the router as part of a botnet.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and installation of cryptocurrency miners or other malware.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available in GitHub repository. Exploitation requires network access to router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Tenda website for firmware updates. If update available, download and flash via web interface.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Access router settings > Advanced > System > Remote Management > Disable

Block web interface from WAN

linux

Use firewall to block external access to router management ports

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Replace router with different model/brand
Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface: Login > Advanced > System > Firmware Upgrade

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than V15.03.06.49_multi

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setUsbUnload
Suspicious command execution in system logs

Network Indicators:

Unusual outbound connections from router
DNS queries to malicious domains from router

SIEM Query:

source="router.log" AND "setUsbUnload" AND ("deviceName" OR "doSystemCmd")

📊 Metadata

CVE ID: CVE-2021-45401

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: February 18, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/Tenda_AC10U_command_injection_RCE.pdf Exploit,Third Party Advisory
https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/Tenda_AC10U_command_injection_RCE.pdf Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45401, you might also want to check these: