CVE-2021-45994

7.5 HIGH

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda G1 and G3 routers that allows attackers to cause a Denial of Service (DoS) by exploiting the delDhcpIndex parameter in the formDelDhcpRule function. Attackers can crash the router's web interface or potentially execute arbitrary code. Only users of specific Tenda router models with vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • Tenda G1 Router
  • Tenda G3 Router
Versions: v15.11.0.17(9502)_CN
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Chinese firmware version; other regional versions may be unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete router compromise, persistent backdoor installation, and network traffic interception.

🟠 Likely Case: Denial of Service causing router reboot or web interface crash, disrupting network connectivity.

🟢 If Mitigated: Limited to DoS with quick recovery if proper network segmentation and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available on GitHub. Exploitation requires network access to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware for your model.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management (scope: all): Prevent external access to the router web interface.

Network Segmentation (scope: all): Isolate the router management interface to a trusted network.

🧯 If You Can't Patch

  • Replace affected routers with updated models or different brands
  • Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface under System Status or System Tools.

Check Version:

Log in to the router web interface and check the System Status page.

Verify Fix Applied:

Verify that the firmware version is newer than v15.11.0.17(9502)_CN and test that the web interface still functions.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts to router admin interface
  • Unusual HTTP POST requests to formDelDhcpRule endpoint
  • Router reboot events in system logs

Network Indicators:

  • Unusual traffic to router port 80/443 from external IPs
  • HTTP requests with malformed delDhcpIndex parameter

SIEM Query:

source="router_logs" AND (uri="/goform/DelDhcpList" OR uri="/goform/formDelDhcpRule") AND (status=500 OR method=POST)
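The log and network indicators above (POSTs to the DHCP rule endpoints, a malformed delDhcpIndex value, requests from external addresses, server errors) can be turned into a small detection pass over access logs. The script below is an added example, not part of this advisory or of any Tenda tooling. The log line format is constructed for the example (timestamp, source IP, method, path, form parameters, status code, as a reverse proxy or WAF in front of the router might record them); real router logs will differ and the parser must be adapted. The trusted network ranges and the length threshold for delDhcpIndex are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Endpoints named in the SIEM query above.
WATCHED_PATHS = {"/goform/DelDhcpList", "/goform/formDelDhcpRule"}
# Assumed management networks; requests from anywhere else are flagged.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]
# A legitimate delDhcpIndex is a small rule number; longer or non-numeric values are suspect.
MAX_INDEX_LEN = 8

# Constructed log format: "<ts> <src_ip> <method> <path> <form-params-or-dash> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<params>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    raw = "" if rec["params"] == "-" else rec["params"]
    rec["params"] = {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(src):
    """True if the source address falls inside one of the assumed management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def classify(rec):
    """Return the list of reasons a record is suspicious; an empty list means benign."""
    if rec is None or rec["path"] not in WATCHED_PATHS:
        return []
    reasons = []
    idx = rec["params"].get("delDhcpIndex")
    if idx is not None and (not idx.isdigit() or len(idx) > MAX_INDEX_LEN):
        reasons.append("malformed delDhcpIndex")
    if not is_trusted(rec["src"]):
        reasons.append("request from untrusted source")
    if rec["status"] >= 500:
        reasons.append("server error on DHCP rule endpoint")
    return reasons


def scan(lines):
    """Run classify() over every line and collect (src, path, reasons) for the suspicious ones."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        reasons = classify(rec)
        if reasons:
            alerts.append((rec["src"], rec["path"], reasons))
    return alerts


# Constructed sample log: one normal rule deletion from the LAN, one oversized
# delDhcpIndex from an external address that produced a 500, one unrelated
# request, and one well-formed request that still comes from outside.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 192.168.0.20 POST /goform/formDelDhcpRule delDhcpIndex=2 200",
    "2024-05-01T10:00:05Z 203.0.113.7 POST /goform/formDelDhcpRule delDhcpIndex=" + "x" * 64 + " 500",
    "2024-05-01T10:00:09Z 192.168.0.20 GET /goform/GetDhcpList - 200",
    "2024-05-01T10:00:12Z 203.0.113.7 GET /goform/DelDhcpList delDhcpIndex=1 200",
]

if __name__ == "__main__":
    for src, path, reasons in scan(SAMPLE_LOG):
        print(f"ALERT {src} {path}: {', '.join(reasons)}")
```

Each alert carries the list of matching indicators, so a single hit on "request from untrusted source" can be triaged differently from a hit that also shows a malformed parameter and a 500, which is the combination that matches the stack overflow described above.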
