CVE-2022-24170 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2022-24170?

CVE-2022-24170 has a CVSS score of 9.8 (CRITICAL). This CVE describes a command injection vulnerability in Tenda G1 and G3 routers that allows attackers to execute arbitrary commands via specific parameters. Attackers can potentially take full control of affected routers. Users of Tenda G1 and G3 routers with vulnerable firmware versions are affected.

📋 TL;DR

This CVE describes a command injection vulnerability in Tenda G1 and G3 routers that allows attackers to execute arbitrary commands via specific parameters. Attackers can potentially take full control of affected routers. Users of Tenda G1 and G3 routers with vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Tenda G1 router
Tenda G3 router

Versions: v15.11.0.17(9502)_CN

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Chinese firmware version (CN). Other regional firmware versions may not be vulnerable.

📦 What is this software?

G1 Firmware by Tendacn

View all CVEs affecting G1 Firmware →

G3 Firmware by Tendacn

View all CVEs affecting G3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to intercept all network traffic, install persistent backdoors, pivot to internal networks, and use the router for botnet activities.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and installation of malware on connected devices.

🟢

If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - If routers are not internet-facing, attackers would need initial network access, but exploitation could still lead to significant internal compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda support for latest firmware

Vendor Advisory: No official vendor advisory URL found

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to firmware update section. 3. Download latest firmware from Tenda website. 4. Upload and install firmware update. 5. Reboot router after installation.

🔧 Temporary Workarounds

Disable IPsec functionality

all

Disable IPsec VPN functionality if not required, as the vulnerability exists in the IPsec configuration handler.

Network segmentation

all

Place routers in isolated network segments with strict firewall rules limiting access to management interfaces.

🧯 If You Can't Patch

Replace affected routers with different models or brands
Implement strict network access controls to limit exposure to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is v15.11.0.17(9502)_CN, the device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Update section for current version.

Verify Fix Applied:

After updating firmware, verify the version has changed from v15.11.0.17(9502)_CN to a newer version.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in router logs
Unexpected IPsec configuration changes
Failed authentication attempts to router admin interface

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains from router
Unexpected VPN tunnel establishment

SIEM Query:

source="router_logs" AND ("formSetIpSecTunnel" OR "IPsecLocalNet" OR "IPsecRemoteNet")

📊 Metadata

CVE ID: CVE-2022-24170

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: February 4, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_36/36.md Exploit,Third Party Advisory
https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_36/36.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24170, you might also want to check these: