CVE-2022-24143 – This CVE describes a stack overflow vulnerabili... (How to Fix)

Q: What is the severity of CVE-2022-24143?

CVE-2022-24143 has a CVSS score of 7.5 (HIGH). This CVE describes a stack overflow vulnerability in Tenda AX3 and AX12 routers' form_fast_setting_wifi_set function. Attackers can exploit it by sending specially crafted timeZone parameter values to cause a Denial of Service (DoS), potentially crashing the router. Users of affected Tenda router models with vulnerable firmware versions are impacted.

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda AX3 and AX12 routers' form_fast_setting_wifi_set function. Attackers can exploit it by sending specially crafted timeZone parameter values to cause a Denial of Service (DoS), potentially crashing the router. Users of affected Tenda router models with vulnerable firmware versions are impacted.

💻 Affected Systems

Products:

Tenda AX3
Tenda AX12

Versions: AX3 v16.03.12.10_CN, AX12 22.03.01.2_CN

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only Chinese firmware versions (CN) are confirmed affected. Other regional firmware may also be vulnerable but not confirmed.

📦 What is this software?

Ax12 Firmware by Tenda

View all CVEs affecting Ax12 Firmware →

Ax3 Firmware by Tenda

View all CVEs affecting Ax3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Router becomes completely unresponsive, requiring physical power cycle or factory reset to restore functionality, disrupting all network services.

🟠

Likely Case

Router crashes or becomes unstable, causing temporary network outage until device reboots automatically or manually.

🟢

If Mitigated

If network segmentation and access controls are implemented, impact is limited to the router itself without affecting other network segments.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists in GitHub repository. Exploitation requires network access to router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware updates

Vendor Advisory: https://www.tendacn.com/en/

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to System Tools > Firmware Upgrade. 3. Download latest firmware from Tenda website. 4. Upload and install firmware. 5. Router will reboot automatically.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace affected routers with patched or different models
Implement strict firewall rules to block all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Version

Check Version:

Login to router web interface and check System Status page

Verify Fix Applied:

Verify firmware version has been updated to newer than affected versions

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
Unusual HTTP POST requests to form_fast_setting_wifi_set endpoint

Network Indicators:

Sudden loss of connectivity to router
Unusual traffic patterns to router management interface

SIEM Query:

source="router_logs" AND ("crash" OR "reboot" OR "form_fast_setting_wifi_set")

📊 Metadata

CVE ID: CVE-2022-24143

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: February 4, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_17/17.md Broken Link,Exploit,Third Party Advisory
https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_17/17.md Broken Link,Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24143, you might also want to check these: