CVE-2022-24169

7.5 HIGH

📋 TL;DR

CVE-2022-24169 is a stack-based buffer overflow in the formIPMacBindAdd web handler of Tenda G1 and G3 routers running firmware v15.11.0.17(9502)_CN. An attacker who can reach the router's web interface sends a crafted POST request to that handler, overflowing a stack buffer and crashing the web server process; the disclosed impact is a denial of service. Because the bug is a stack overflow, arbitrary code execution cannot be ruled out, but no public exploit demonstrating it is described here.

💻 Affected Systems

Products:
  • Tenda G1 Router
  • Tenda G3 Router
Versions: v15.11.0.17(9502)_CN
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability was reported against the Chinese (_CN) firmware build only. Other regional builds have not been confirmed vulnerable or safe; treat them as untested rather than unaffected until the vendor says otherwise.

📦 What is this software?

Tenda G1 and G3 are business-class gigabit routers from Tenda, managed through an embedded web interface whose form handlers are served under /goform/. formIPMacBindAdd is the handler behind the add action of the IP/MAC binding feature, which is why the vulnerable code path is reached with a single HTTP POST rather than through any multi-step workflow.

⚠️ Risk & Real-World Impact

🔴 Worst Case: If the overflow turns out to be controllable rather than only crashing the process, remote code execution on the router, giving full control of the device, interception of traffic passing through it, and a foothold for lateral movement into connected devices.

🟠 Likely Case: Denial of service. The web server process crashes or the router reboots, taking the management interface and possibly connectivity down until it recovers; an attacker can simply repeat the request to keep it down.

🟢 If Mitigated: With the web interface unreachable from untrusted networks, impact is limited to a management-plane DoS that can only be triggered from inside the trusted segment and is recovered by a reboot.

🌐 Internet-Facing: HIGH if remote (WAN-side) management is enabled. The router itself sits at the network edge, but the vulnerable handler is reached through the web interface, so internet exposure depends on whether that interface answers on the WAN, not on the device being a router.
🏢 Internal Only: MEDIUM. Any host on the LAN, or a compromised one, can reach the web interface and trigger the crash without credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code that triggers the crash is publicly available on GitHub. Exploitation needs nothing beyond TCP reachability of the router's web interface; no credentials or user interaction are required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware updates

Vendor Advisory: Not publicly documented by vendor

Restart Required: Yes

Instructions:

1. Download the latest firmware for your exact model and region from the official Tenda website; do not use images from third-party mirrors.
2. Log into the router admin interface.
3. Navigate to System Tools > Firmware Upgrade.
4. Upload and install the firmware image.
5. Reboot the router.
6. Because no vendor advisory names a fixed version, re-check afterwards: confirm the new version string and, where you have a lab unit, re-run the public PoC against it to make sure the crash no longer occurs.

🔧 Temporary Workarounds

Disable Remote Management (applies to: all affected versions)

Prevent external access to the router web interface: turn off WAN-side remote management so the /goform/ handlers answer only on the LAN.

Network Segmentation (applies to: all affected versions)

Isolate the router management interface to a trusted network: put management on a dedicated VLAN, or restrict TCP 80/443 to the router to an admin subnet, since any host that can reach the interface can trigger the crash.

🧯 If You Can't Patch

  • Replace affected routers with models that still receive vendor firmware updates, or with a different vendor's device
  • Implement strict firewall rules, on the upstream firewall or switch as well as the router, so that only designated admin hosts can reach TCP 80/443 on the router

🔍 How to Verify

Check if Vulnerable:

Check the model (G1 or G3) and the firmware version in the admin interface under System Status or Firmware Upgrade. A device is in the published scope when the version string reads exactly v15.11.0.17(9502)_CN.

Check Version:

Log in to the router web interface and navigate to the System Status page; the firmware version string is shown there.

Verify Fix Applied:

Confirm that the firmware version string has changed to a build newer than v15.11.0.17(9502)_CN. A newer number alone is not proof of a fix, because Tenda has not published an advisory naming a fixed version; where possible, confirm by re-testing the crash against an upgraded unit in a lab.
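
When checking more than a handful of devices, the version comparison above is worth scripting, and the script should carry the same caveat: a build later than the affected one is "unconfirmed", not "fixed". The following is an added example written for this page, not Tenda code and not part of the original advisory. The only fact it encodes is the single affected build named above; the status labels, the version-string grammar (dotted release, build number in parentheses, region suffix) and the sample inventory rows are assumptions.

```python
"""Classify Tenda G1/G3 firmware version strings against CVE-2022-24169.

Added example for this page; not Tenda code and not part of the original
advisory. The only fact encoded is the affected build v15.11.0.17(9502)_CN;
the status labels and the assumed grammar release(build)_REGION are drawn
from the shape of that string.
"""
import re
from collections import defaultdict
from typing import NamedTuple


class Version(NamedTuple):
    release: tuple  # dotted release, e.g. (15, 11, 0, 17)
    build: int      # parenthesised build number, e.g. 9502
    region: str     # regional suffix, e.g. "CN"


# Accepts "v15.11.0.17(9502)_CN"; an upper-case or missing "v" and a
# lower-case region are tolerated because inventory exports are inconsistent.
_VERSION_RE = re.compile(r"^[vV]?(\d+(?:\.\d+)+)\((\d+)\)_([A-Za-z]+)$")

AFFECTED_MODELS = {"G1", "G3"}
AFFECTED_VERSION = Version((15, 11, 0, 17), 9502, "CN")


def parse_version(text: str) -> Version:
    """Parse a Tenda-style version string; raise ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tenda version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return Version(release, int(m.group(2)), m.group(3).upper())


def classify(model: str, version_text: str) -> str:
    """Return one of (labels are this example's own, not vendor terms):
    affected              exact match for the published vulnerable build
    newer_unconfirmed     later CN build; no advisory names a fixed version,
                          so this is not proof of a fix
    older_untested        earlier CN build; outside the published scope
    other_region_unknown  non-CN firmware; the page makes no claim either way
    not_listed_model      not a G1/G3
    """
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not_listed_model"
    v = parse_version(version_text)
    if v.region != AFFECTED_VERSION.region:
        return "other_region_unknown"
    key = (v.release, v.build)
    affected_key = (AFFECTED_VERSION.release, AFFECTED_VERSION.build)
    if key == affected_key:
        return "affected"
    return "newer_unconfirmed" if key > affected_key else "older_untested"


def audit(inventory):
    """Group (host, model, version) rows by status; unparsable rows are kept, not dropped."""
    report = defaultdict(list)
    for host, model, version_text in inventory:
        try:
            report[classify(model, version_text)].append(host)
        except ValueError:
            report["unparsable"].append(host)
    return dict(report)


# Constructed inventory rows for demonstration; these are not real devices.
SAMPLE_INVENTORY = [
    ("gw-branch-1", "G3", "v15.11.0.17(9502)_CN"),
    ("gw-branch-2", "G1", "V15.11.0.17(9502)_cn"),
    ("gw-branch-3", "G3", "v15.11.0.18(9600)_CN"),
    ("gw-branch-4", "G1", "v15.11.0.17(9502)_EN"),
    ("gw-lab", "G3", "build 9502"),
]

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status:22s} {', '.join(hosts)}")
```

Feed audit() the rows exported from whatever inventory tracks your routers; anything that lands in newer_unconfirmed still needs the lab re-test described above before it is closed out.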

📡 Detection & Monitoring

Log Indicators:

  • POST requests to the /goform/formIPMacBindAdd handler with bodies far larger than a legitimate IP/MAC binding (an address, a MAC and a short name)
  • Repeated requests to that handler from one source within a short window, the pattern of a crash-and-retry DoS loop
  • Unexplained router reboots or web server restarts shortly after such requests
  • Failed login attempts are not a reliable signal here: the handler is reachable without authentication, so exploitation leaves no login failures behind

Network Indicators:

  • Connections to the router's management port (typically TCP 80/443) from hosts or segments that do not normally administer it, especially from the WAN side
  • Oversized HTTP POST bodies to the router IP compared with the few hundred bytes of a normal form submission

SIEM Query:

source="router_logs" AND (uri="/goform/formIPMacBindAdd" OR message="reboot")

Tenda's firmware does not export web-request logs, so the uri field has to come from a network sensor (a Zeek http.log or similar) placed in front of the management interface; source="router_logs" stands for whichever index holds that data. The message="reboot" clause is noisy on its own; a reboot becomes interesting when it follows a request to the handler in the same time window.
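
The indicators above are easier to act on as code that runs over the sensor records. The block below is an added example written for this page, not Tenda code and not part of the original advisory. It assumes the router's web interface is watched by a network sensor (for example Zeek) writing tab-separated records in the order ts, id.orig_h, id.resp_h, id.resp_p, method, uri, request_body_len; the body-size and burst thresholds are assumed starting points rather than values from the page, and the sample records are constructed.

```python
"""Flag requests that fit the CVE-2022-24169 DoS pattern in HTTP sensor logs.

Added example for this page; not Tenda code and not part of the original
advisory. Assumed input: Zeek-style tab-separated records with the fields
ts, id.orig_h, id.resp_h, id.resp_p, method, uri, request_body_len.
The thresholds are assumptions to tune against your own baseline.
"""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

VULN_PATH = "/goform/formIPMacBindAdd"
BODY_LEN_THRESHOLD = 256  # assumed: an IP, a MAC and a short name fit well below this
BURST_COUNT = 3           # assumed: this many POSTs to the handler from one source ...
BURST_WINDOW = 60.0       # ... within this many seconds looks like a crash-and-retry loop


@dataclass(frozen=True)
class Request:
    ts: float
    src: str
    dst: str
    dport: int
    method: str
    path: str
    body_len: int


@dataclass(frozen=True)
class Alert:
    ts: float
    src: str
    dst: str
    reason: str   # "oversized_body" or "burst"
    detail: str


def parse_http_log(text: str) -> list:
    """Parse Zeek-style http.log text; header and comment lines start with '#'."""
    requests = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # skip malformed records instead of failing the whole batch
        ts, src, dst, dport, method, uri, body_len = fields
        # Normalise to the path: a query string or trailing slash must not evade the match.
        path = urlsplit(uri).path.rstrip("/")
        requests.append(Request(
            ts=float(ts), src=src, dst=dst, dport=int(dport),
            method=method.upper(), path=path,
            body_len=int(body_len) if body_len.isdigit() else 0,  # Zeek writes "-" when unset
        ))
    return requests


def detect(requests) -> list:
    """Return alerts for POSTs to the vulnerable handler: oversized bodies and bursts."""
    alerts = []
    posts_by_src = defaultdict(list)
    for r in requests:
        if r.method != "POST" or r.path.lower() != VULN_PATH.lower():
            continue
        posts_by_src[r.src].append(r)
        if r.body_len >= BODY_LEN_THRESHOLD:
            alerts.append(Alert(r.ts, r.src, r.dst, "oversized_body", f"{r.body_len} bytes"))
    # Burst rule: one alert per source whose earliest run of BURST_COUNT POSTs
    # to the handler fits inside BURST_WINDOW seconds.
    for src, posts in posts_by_src.items():
        posts.sort(key=lambda p: p.ts)
        for i in range(len(posts) - BURST_COUNT + 1):
            span = posts[i + BURST_COUNT - 1].ts - posts[i].ts
            if span <= BURST_WINDOW:
                alerts.append(Alert(posts[i].ts, src, posts[i].dst, "burst",
                                    f"{BURST_COUNT} POSTs in {span:.0f}s"))
                break
    return alerts


# Constructed sample records (not a real capture): one legitimate binding from
# the LAN, then an outside host hammering the handler with 2 KB bodies, plus an
# unrelated POST to a hypothetical handler that must not match.
SAMPLE_HTTP_LOG = """\
#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tmethod\turi\trequest_body_len
1650000001.000\t192.168.0.50\t192.168.0.1\t80\tPOST\t/goform/formIPMacBindAdd\t88
1650000010.000\t203.0.113.7\t192.168.0.1\t80\tPOST\t/goform/formIPMacBindAdd\t2048
1650000012.000\t203.0.113.7\t192.168.0.1\t80\tPOST\t/goform/formIPMacBindAdd?x=1\t2048
1650000013.000\t203.0.113.7\t192.168.0.1\t80\tGET\t/goform/formIPMacBindAdd\t-
1650000040.000\t203.0.113.7\t192.168.0.1\t80\tPOST\t/goform/formIPMacBindAdd/\t2048
1650000041.000\t192.168.0.50\t192.168.0.1\t80\tPOST\t/goform/formOther\t3000
"""

if __name__ == "__main__":
    for a in detect(parse_http_log(SAMPLE_HTTP_LOG)):
        print(f"{a.ts:.0f} {a.src} -> {a.dst} {a.reason} ({a.detail})")
```

The path is normalised before matching so that a query string or trailing slash cannot slip past the rule, and the burst rule fires once per source rather than once per request, which keeps a DoS loop from flooding the alert queue with its own noise.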
