CVE-2022-24146 – Tenda AX3 routers running firmware version 16.0... (How to Fix)

📋 TL;DR

Tenda AX3 routers running firmware version 16.03.12.10_CN contain a stack overflow vulnerability in the formSetQosBand function. Attackers can exploit this by sending specially crafted requests to the list parameter, causing a Denial of Service (DoS) that crashes the router. This affects users of Tenda AX3 routers with the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda AX3

Versions: v16.03.12.10_CN

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects the Chinese firmware version; other regional versions may also be vulnerable but unconfirmed.

📦 What is this software?

Ax3 Firmware by Tenda

View all CVEs affecting Ax3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical power cycle, potentially leading to extended network downtime and loss of connectivity for all connected devices.

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, causing temporary network disruption.

🟢

If Mitigated

If router is behind firewall with restricted WAN access, impact is limited to internal attackers only.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to remote attackers.

🏢 Internal Only: MEDIUM - Internal network users could exploit this to disrupt network connectivity.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available in GitHub repository; exploitation requires sending crafted HTTP request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates
2. If update available, download and upload via router admin interface
3. Reboot router after update

🔧 Temporary Workarounds

Disable QoS Bandwidth Control

all

Disable the QoS feature that contains the vulnerable function

Restrict Router Admin Access

all

Limit access to router admin interface to trusted IP addresses only

🧯 If You Can't Patch

Replace router with different model or vendor
Place router behind firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or About page

Check Version:

Not applicable - check via router web interface

Verify Fix Applied:

Verify firmware version is newer than v16.03.12.10_CN

📡 Detection & Monitoring

Log Indicators:

Router crash logs
Repeated reboot events
Unusual HTTP requests to formSetQosBand endpoint

Network Indicators:

Sudden loss of router connectivity
Unusual HTTP traffic to router admin port

SIEM Query:

Not applicable - router logs typically not integrated into SIEM

📊 Metadata

CVE ID: CVE-2022-24146

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: February 4, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_16/16.md Broken Link,Exploit,Third Party Advisory
https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_16/16.md Broken Link,Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24146, you might also want to check these: