CVE-2022-30425

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on Tenda HG6 routers by injecting malicious commands into the pingAddr and traceAddr parameters via crafted POST requests. Attackers can gain full control of affected devices. All users running vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • Tenda HG6
Versions: 3.3.0-210926 and likely earlier versions
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface. No authentication bypass is required; the injection is reachable without logging in.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept traffic, or use the device as a botnet node.

🟠 Likely Case: Remote code execution leading to device takeover, credential theft, DNS hijacking, or denial of service.

🟢 If Mitigated: Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Directly exploitable from internet if device has WAN interface exposed.
🏢 Internal Only: HIGH - Exploitable from internal network by any user who can reach the web interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request with command injection payload. Public exploit code available in vulnerability disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tendacn.com/

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware for the HG6.
3. Log into the router web interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload the new firmware file.
6. Wait for the reboot.

🔧 Temporary Workarounds

Network Access Control (platform: linux)

Restrict access to the router web interface using firewall rules. Replace trusted_ip with the address of the management host; the ACCEPT rule must precede the DROP rule, and the rules apply to the host they are loaded on (on a Linux firewall in front of the router, use the FORWARD chain instead of INPUT). Add matching rules for port 443 if the interface is also served over HTTPS.

iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

Disable Remote Management (platform: all)

Turn off WAN access to the web interface in the router settings.

🧯 If You Can't Patch

  • Place router behind firewall with strict inbound rules blocking all WAN access to management interface
  • Implement network segmentation to isolate router from critical internal systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router_ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than 3.3.0-210926 and test with known exploit payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to the /goform/ping or /goform/trace endpoints
  • Shell metacharacters such as ;, |, & or $() in the pingAddr or traceAddr parameters (check URL-decoded values, since %3B or %7C hide them from naive matching)
  • Multiple failed login attempts followed by ping/trace requests

Network Indicators:

  • HTTP POST to /goform/ping or /goform/trace with shell metacharacters
  • Outbound connections from router to unusual IPs/ports

SIEM Query:

source="router_logs" AND (url="/goform/ping" OR url="/goform/trace") AND (param="pingAddr" OR param="traceAddr") AND (value="*;*" OR value="*|*" OR value="*&*" OR value="*$(*")
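The log indicators above, turned into a small offline detector as an added example (not part of the original advisory). It assumes a combined-log-style line with the POST body appended as a final quoted field; the log format, field names and sample lines are constructed, so adapt the regex to your own log source.

```python
# Added example (not from the original advisory): flag web-server log lines that
# match the CVE-2022-30425 indicators. Log format, field names and the sample
# lines below are constructed assumptions; adapt the regex to your log source.
import re
from urllib.parse import parse_qs, unquote

# Endpoints and parameters the advisory names as the injection points.
SUSPECT_PATHS = {"/goform/ping", "/goform/trace"}
SUSPECT_PARAMS = {"pingAddr", "traceAddr"}
# Shell metacharacters that never belong in a hostname or IP address.
META = re.compile(r"[;|&`\n]|\$\(")

# Assumed line layout: client, ident, user, [timestamp], "METHOD path proto",
# status, bytes, "request body" (many proxies/WAFs can be told to log the body).
LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<body>[^"]*)"$'
)

def find_injection(line):
    """Return (source_ip, param, decoded_value) when the line matches the
    indicators, otherwise None."""
    m = LINE.match(line)
    if not m or m.group("method") != "POST":
        return None
    path = m.group("path").split("?", 1)[0]
    if path not in SUSPECT_PATHS:
        return None
    # parse_qs decodes one layer of %XX; unquote a second time so a
    # double-encoded %253B does not slip past the metacharacter check.
    params = parse_qs(m.group("body"), keep_blank_values=True)
    for name in SUSPECT_PARAMS:
        for value in params.get(name, []):
            decoded = unquote(value)
            if META.search(decoded):
                return (m.group("src"), name, decoded)
    return None

def scan(lines):
    """Return all hits for an iterable of log lines."""
    return [hit for hit in map(find_injection, lines) if hit]

# Constructed sample lines: a benign ping, a URL-encoded injection attempt,
# and a GET that merely mentions the trace endpoint.
SAMPLE = [
    '10.0.0.5 - - [01/Jun/2022:10:00:01 +0000] "POST /goform/ping HTTP/1.1" 200 312 "pingAddr=8.8.8.8&count=4"',
    '203.0.113.9 - - [01/Jun/2022:10:00:07 +0000] "POST /goform/ping HTTP/1.1" 200 312 "pingAddr=127.0.0.1%3Bid"',
    '10.0.0.5 - - [01/Jun/2022:10:00:09 +0000] "GET /goform/trace?traceAddr=1.1.1.1 HTTP/1.1" 200 88 "-"',
]

if __name__ == "__main__":
    for src, param, value in scan(SAMPLE):
        print(f"ALERT src={src} param={param} value={value!r}")
```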
