CVE-2021-45989 – This vulnerability is a stack overflow in Tenda... (How to Fix)

Q: What is the severity of CVE-2021-45989?

CVE-2021-45989 has a CVSS score of 7.5 (HIGH). This vulnerability is a stack overflow in Tenda G1 and G3 routers that allows attackers to cause a Denial of Service (DoS) by sending specially crafted requests to the guestWifiRuleRefresh function. Attackers can exploit this remotely via the qosGuestUpstream and qosGuestDownstream parameters. Users of affected Tenda router models with vulnerable firmware are at risk.

📋 TL;DR

This vulnerability is a stack overflow in Tenda G1 and G3 routers that allows attackers to cause a Denial of Service (DoS) by sending specially crafted requests to the guestWifiRuleRefresh function. Attackers can exploit this remotely via the qosGuestUpstream and qosGuestDownstream parameters. Users of affected Tenda router models with vulnerable firmware are at risk.

💻 Affected Systems

Products:

Tenda G1 Router
Tenda G3 Router

Versions: v15.11.0.17(9502)_CN

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Chinese firmware version. Guest WiFi feature must be enabled for exploitation.

📦 What is this software?

G1 Firmware by Tendacn

View all CVEs affecting G1 Firmware →

G3 Firmware by Tendacn

View all CVEs affecting G3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potentially disrupting all network connectivity for connected devices.

🟠

Likely Case

Router becomes unresponsive, requiring manual reboot to restore functionality, causing temporary network outage.

🟢

If Mitigated

If properly segmented or behind firewalls, impact limited to isolated guest network functionality.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices and the exploit can be triggered remotely.

🏢 Internal Only: LOW - The vulnerability requires network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept code is publicly available on GitHub. Exploitation requires sending crafted HTTP requests to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - Check Tenda for updated firmware

Vendor Advisory: Not publicly available

Restart Required: Yes

Instructions:

1. Log into Tenda router admin interface. 2. Navigate to System Tools > Firmware Upgrade. 3. Download latest firmware from Tenda website. 4. Upload and install firmware update. 5. Reboot router after installation.

🔧 Temporary Workarounds

Disable Guest WiFi

all

Disable the guest WiFi feature to prevent exploitation via vulnerable parameters.

Restrict Management Access

all

Configure firewall rules to restrict access to router management interface to trusted IPs only.

🧯 If You Can't Patch

Segment router on isolated network segment with strict firewall rules
Implement network monitoring for unusual traffic patterns to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is v15.11.0.17(9502)_CN and guest WiFi is enabled, device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Version page.

Verify Fix Applied:

Verify firmware version has been updated to a version later than v15.11.0.17(9502)_CN.

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts
Unusual HTTP POST requests to guestWifiRuleRefresh endpoint
Router reboot logs without user action

Network Indicators:

Unusual HTTP traffic to router port 80/443 with qosGuest parameters
Sudden drop in router responsiveness

SIEM Query:

source="router_logs" AND (uri="*guestWifiRuleRefresh*" OR message="*reboot*" OR message="*crash*")

📊 Metadata

CVE ID: CVE-2021-45989

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: February 4, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_4/4.md Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/218959 Third Party Advisory
https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_4/4.md Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45989, you might also want to check these: