CVE-2022-24144

9.8 CRITICAL

📋 TL;DR

CVE-2022-24144 is a critical command injection vulnerability in Tenda AX3 routers that allows attackers to execute arbitrary system commands by manipulating the gateway, dns1, and dns2 parameters. It affects Tenda AX3 v16.03.12.10_CN routers and can give an attacker full control over a vulnerable device. Exploitation is possible remotely and without authentication.

💻 Affected Systems

Products:
  • Tenda AX3
Versions: v16.03.12.10_CN
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Chinese firmware version. Other regional versions may also be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the router with persistent backdoor installation, credential theft, network pivoting to internal systems, and participation in botnets.

🟠 Likely Case: Router takeover for DNS hijacking, credential harvesting, and use as a proxy for malicious traffic.

🟢 If Mitigated: Limited impact if the router is behind a firewall with restricted WAN access and strong network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces accessible from WAN.
🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains a proof-of-concept. Exploitation requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions later than v16.03.12.10_CN

Vendor Advisory: Not publicly documented by Tenda

Restart Required: Yes

Instructions:

1. Log into the router admin interface.
2. Navigate to the firmware update section.
3. Download the latest firmware from the Tenda website.
4. Upload and apply the update.
5. Reboot the router.

🔧 Temporary Workarounds

Disable WAN Management Access (platforms: all)

Prevent external access to the router management interface.

Login to router → Advanced Settings → Remote Management → Disable

Network Segmentation (platforms: all)

Isolate the router management interface on a separate VLAN.

🧯 If You Can't Patch

  • Replace vulnerable router with patched model or different vendor
  • Implement strict firewall rules blocking all external access to router management ports (typically 80, 443, 8080)

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface. If the version is v16.03.12.10_CN, the device is vulnerable.

Check Version:

curl -s http://<router-ip>/ | grep -i version

or check the firmware version in the web interface.

Verify Fix Applied:

Verify that the installed firmware version is later than v16.03.12.10_CN.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/WanParameterSetting
  • Suspicious commands in system logs
  • Unexpected process execution

Network Indicators:

  • Unusual outbound connections from router
  • DNS traffic to malicious servers
  • Unexpected port openings

SIEM Query:

source="router_logs" AND (uri="/goform/WanParameterSetting" OR cmd="*;*" OR cmd="*|*")
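The SIEM query above only matches on the request path and bare metacharacters. The following script is an added example (it is not part of this advisory or of any Tenda tooling) that applies the same idea to access-log lines in a hypothetical "<client> <method> <path> <body>" format: for POSTs to /goform/WanParameterSetting it percent-decodes the body, checks the gateway, dns1 and dns2 values for shell metacharacters, and additionally flags any value that is not a plain IPv4 address. The log lines, client addresses and log format are constructed for the example; the endpoint and parameter names come from the CVE description.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Endpoint and parameters named in the CVE-2022-24144 description.
VULN_PATH = "/goform/WanParameterSetting"
WATCHED_PARAMS = ("gateway", "dns1", "dns2")

# Characters that can separate or chain shell commands; none of them can
# appear in a legitimate IPv4 address, so any hit is a strong indicator.
SHELL_META = re.compile(r"[;|&`$(){}<>\n]")

# Hypothetical access-log format assumed here: "<client> <method> <path> <body>".
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S*)$")

# Constructed sample log lines (not real traffic). Lines 3-5 carry values of the
# kind this CVE is about (line 5 uses a percent-encoded ';'); line 6 is merely
# malformed and should be rated lower.
SAMPLE_LOG = """\
192.168.0.10 POST /goform/WanParameterSetting gateway=192.168.1.1&dns1=8.8.8.8&dns2=8.8.4.4
192.168.0.10 GET /goform/GetRouterStatus -
203.0.113.7 POST /goform/WanParameterSetting gateway=192.168.1.1&dns1=8.8.8.8;cmd&dns2=8.8.4.4
203.0.113.7 POST /goform/WanParameterSetting gateway=192.168.1.1|cmd&dns1=8.8.8.8&dns2=8.8.4.4
203.0.113.7 POST /goform/WanParameterSetting gateway=192.168.1.1&dns1=8.8.8.8&dns2=8.8.4.4%3Bcmd
192.168.0.22 POST /goform/WanParameterSetting gateway=192.168.1.1&dns1=not-an-ip&dns2=8.8.4.4
"""


def is_ipv4(value: str) -> bool:
    """True only if value is a plain dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def classify_value(name: str, value: str):
    """Return (severity, reason) for a suspicious parameter value, else None."""
    if SHELL_META.search(value):
        return ("high", f"{name} contains shell metacharacter: {value!r}")
    if not is_ipv4(value):
        return ("medium", f"{name} is not an IPv4 address: {value!r}")
    return None


def inspect_line(line: str):
    """Inspect one log line; return a finding dict, or None if it looks benign."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    client, method, path, body = m.groups()
    if method != "POST" or path != VULN_PATH:
        return None
    # parse_qs percent-decodes values, so an encoded ';' (%3B) is still caught.
    params = parse_qs(body, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            result = classify_value(name, value)
            if result is not None:
                hits.append(result)
    if not hits:
        return None
    severity = "high" if any(s == "high" for s, _ in hits) else "medium"
    return {"client": client, "severity": severity,
            "reasons": [reason for _, reason in hits]}


def scan_log(text: str):
    """Run inspect_line over every line of the log and collect the findings."""
    findings = []
    for line in text.splitlines():
        finding = inspect_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["severity"].upper(), f["client"], "; ".join(f["reasons"]))
```

Rating a metacharacter hit "high" and a merely malformed address "medium" keeps genuine injection attempts distinct from buggy clients, and decoding before matching is what catches the percent-encoded variant that a raw `cmd="*;*"` pattern would miss. Adapt LINE_RE to the log format your router or upstream proxy actually produces.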
