CVE-2022-25433 – CVE-2022-25433 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2022-25433?

CVE-2022-25433 has a CVSS score of 9.8 (CRITICAL). CVE-2022-25433 is a critical stack overflow vulnerability in Tenda AC9 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the saveparentcontrolinfo function. This affects all users running Tenda AC9 routers with firmware version 15.03.2.21. Successful exploitation could lead to complete device compromise.

📋 TL;DR

CVE-2022-25433 is a critical stack overflow vulnerability in Tenda AC9 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the saveparentcontrolinfo function. This affects all users running Tenda AC9 routers with firmware version 15.03.2.21. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda AC9 wireless router

Versions: Firmware version 15.03.2.21

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. Other Tenda AC9 firmware versions may or may not be vulnerable.

📦 What is this software?

Ac9 Firmware by Tenda

View all CVEs affecting Ac9 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full control of the router, enabling traffic interception, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router compromise leading to DNS hijacking, credential harvesting, and botnet recruitment for DDoS attacks.

🟢

If Mitigated

Limited impact with proper network segmentation and firewall rules preventing external access to router management interface.

🌐 Internet-Facing: HIGH - Router management interfaces are often exposed to the internet, and the vulnerability requires no authentication.

🏢 Internal Only: HIGH - Even internally, any compromised device on the network could exploit this vulnerability to take over the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability requires no authentication and has a simple exploitation path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware > 15.03.2.21

Vendor Advisory: Not publicly documented by vendor

Restart Required: Yes

Instructions:

1. Log into Tenda router admin interface. 2. Navigate to System Tools > Firmware Upgrade. 3. Download latest firmware from Tenda website. 4. Upload and install firmware. 5. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router management interface

Navigate to Advanced > System Tools > Remote Management and disable

Network segmentation

all

Isolate router management interface to trusted network segment

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

Replace vulnerable router with different model/brand
Implement strict network ACLs to block all access to router management interface from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

curl -s http://router-ip/goform/getStatus | grep version or check web interface

Verify Fix Applied:

Verify firmware version is updated to version higher than 15.03.2.21

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/saveParentControlInfo
Multiple failed exploitation attempts with long URLs parameter

Network Indicators:

Unusual traffic patterns to router management interface
POST requests with abnormally long urls parameter

SIEM Query:

source="router_logs" AND (url="/goform/saveParentControlInfo" OR method="POST" AND uri CONTAINS "saveParentControlInfo")

📊 Metadata

CVE ID: CVE-2022-25433

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: March 18, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/5 Exploit,Third Party Advisory
https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/5 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-25433, you might also want to check these: