CVE-2022-24995 – This vulnerability is a stack overflow in Tenda... (How to Fix)

📋 TL;DR

This vulnerability is a stack overflow in Tenda AX3 routers running firmware version 16.03.12.10_CN. Attackers can send specially crafted time parameters to cause a Denial of Service (DoS), potentially crashing the router. This affects users of Tenda AX3 routers with the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda AX3

Versions: v16.03.12.10_CN

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Chinese firmware version; other regional versions may not be vulnerable.

📦 What is this software?

Ax3 Firmware by Tenda

View all CVEs affecting Ax3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potentially allowing remote code execution if the overflow can be controlled to execute arbitrary code.

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, disrupting network connectivity for all connected devices.

🟢

If Mitigated

Limited to temporary service disruption if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available in GitHub repositories, making this easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for AX3
3. Access router admin interface
4. Navigate to firmware update section
5. Upload and apply new firmware
6. Reboot router

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface from untrusted networks

Access Control Lists

all

Restrict access to router management interface to trusted IPs only

🧯 If You Can't Patch

Replace vulnerable router with updated model or different vendor
Implement network monitoring for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if version is 16.03.12.10_CN, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Information page

Verify Fix Applied:

Verify firmware version has been updated to a version later than 16.03.12.10_CN.

📡 Detection & Monitoring

Log Indicators:

Router crash logs
Unexpected reboots
Failed authentication attempts to management interface

Network Indicators:

Unusual traffic to router management port (typically 80/443)
Malformed HTTP requests with time parameters

SIEM Query:

source="router.log" AND ("crash" OR "reboot" OR "fromSetSysTime")

📊 Metadata

CVE ID: CVE-2022-24995

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: March 10, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7 Exploit,Third Party Advisory
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24995, you might also want to check these: