Login Sign Up

CVE-2021-45992

7.5 HIGH
Denial of Service

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda G1 and G3 routers that allows attackers to cause a Denial of Service (DoS) by sending specially crafted requests to the qvlanName parameter. The vulnerability affects users running specific firmware versions on these router models. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:
  • Tenda G1 Router
  • Tenda G3 Router
Versions: v15.11.0.17(9502)_CN
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Chinese firmware version. Other regional versions may also be vulnerable but not confirmed.

📦 What is this software?

G1 Firmware by Tendacn

View all CVEs affecting G1 Firmware →

G3 Firmware by Tendacn

View all CVEs affecting G3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potential remote code execution if stack overflow can be controlled to execute arbitrary code (though not confirmed in this CVE).

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, disrupting network connectivity for all connected devices.

🟢

If Mitigated

If routers are behind firewalls with restricted WAN access, risk is limited to internal attackers or compromised internal hosts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is publicly available on GitHub. Exploitation requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via router admin interface. 3. Reboot router after installation.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Network segmentation

all

Place routers in isolated network segments with strict firewall rules

🧯 If You Can't Patch

  • Replace affected routers with different models or brands
  • Implement strict network access controls to limit who can reach router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version matches affected version, assume vulnerable.

Check Version:

Login to router admin interface and check firmware version in System Status or similar section

Verify Fix Applied:

Verify firmware version has been updated to a version newer than v15.11.0.17(9502)_CN

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed HTTP requests to router management interface
  • Router crash/reboot logs
  • Unusual traffic to formSetQvlanList endpoint

Network Indicators:

  • HTTP POST requests with unusually long qvlanName parameter
  • Traffic to router management port (typically 80/443) from unexpected sources

SIEM Query:

source_ip=* dest_ip=[ROUTER_IP] dest_port=80 OR dest_port=443 http_uri="*formSetQvlanList*" http_param="qvlanName" length>100

📊 Metadata

CVE ID: CVE-2021-45992
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: February 4, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45992, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)