CVE-2022-25459 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2022-25459?

CVE-2022-25459 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda AC6 routers via a stack overflow in the SetSysTimeCfg function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter, potentially gaining full control of affected devices. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC6 routers via a stack overflow in the SetSysTimeCfg function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter, potentially gaining full control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda AC6 wireless router

Versions: v15.03.05.09_multi

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the web management interface's time configuration function.

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web interfaces accessible from WAN.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability requires no authentication and has a simple exploitation path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware > v15.03.05.09

Vendor Advisory: Not publicly documented by vendor

Restart Required: Yes

Instructions:

1. Visit Tenda support website. 2. Download latest firmware for AC6 model. 3. Log into router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Log into router > Advanced > System Tools > Remote Management > Disable

Restrict management interface access

all

Limit which IPs can access router management

Log into router > Advanced > Security > Access Control > Add allowed IPs only

🧯 If You Can't Patch

Isolate router on separate VLAN with strict firewall rules
Implement network monitoring for unusual traffic patterns from router

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface: System Status > Firmware Version

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than v15.03.05.09 and test time configuration function

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetSysTimeCfg
Multiple failed login attempts followed by time configuration requests

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting device compromise

SIEM Query:

source="router_logs" AND (uri="/goform/SetSysTimeCfg" OR parameter="S1")

📊 Metadata

CVE ID: CVE-2022-25459

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: March 18, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC6/15 Exploit,Third Party Advisory
https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC6/15 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-25459, you might also want to check these: