CVE-2023-24333 – A stack overflow vulnerability in Tenda AC21 ro... (How to Fix)

Q: What is the severity of CVE-2023-24333?

CVE-2023-24333 has a CVSS score of 8.8 (HIGH). A stack overflow vulnerability in Tenda AC21 routers allows attackers to execute arbitrary commands via crafted POST requests to the /goform/openSchedWifi endpoint. This affects Tenda AC21 devices with specific firmware versions, potentially enabling remote code execution on vulnerable routers.

📋 TL;DR

A stack overflow vulnerability in Tenda AC21 routers allows attackers to execute arbitrary commands via crafted POST requests to the /goform/openSchedWifi endpoint. This affects Tenda AC21 devices with specific firmware versions, potentially enabling remote code execution on vulnerable routers.

💻 Affected Systems

Products:

Tenda AC21

Versions: US_AC21V1.0re_V16.03.08.15_cn_TDC01

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific firmware version. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ac21 Firmware by Tenda

View all CVEs affecting Ac21 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to intercept traffic, modify DNS settings, install persistent malware, and pivot to internal networks.

🟠

Likely Case

Router takeover leading to network disruption, credential theft from connected devices, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the exploit requires no authentication.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but external exposure is the primary concern.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. Exploitation requires sending a crafted HTTP POST request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC21 model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and install new firmware. 6. Reboot router after installation.

🔧 Temporary Workarounds

Block External Access to Router Admin

all

Configure firewall to block WAN access to router administration interface (typically port 80/443).

Disable Remote Management

all

Turn off remote management feature in router settings to prevent external access to admin interface.

🧯 If You Can't Patch

Isolate router on separate VLAN with strict firewall rules limiting traffic to/from the device.
Implement network monitoring for suspicious POST requests to /goform/openSchedWifi endpoint.

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version matches US_AC21V1.0re_V16.03.08.15_cn_TDC01, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Update section for version information.

Verify Fix Applied:

After firmware update, verify version no longer matches vulnerable version and test that POST requests to /goform/openSchedWifi no longer cause issues.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /goform/openSchedWifi with unusual payloads
Router reboot events following POST requests
Unusual command execution in router logs

Network Indicators:

HTTP traffic to router IP on port 80/443 with POST to /goform/openSchedWifi
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/openSchedWifi" OR method="POST") AND (payload_size>1000 OR contains(payload,"cmd") OR contains(payload,"exec"))

📊 Metadata

CVE ID: CVE-2023-24333

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

Published: February 21, 2024

Last Updated: March 25, 2025

🔗 References

https://github.com/caoyebo/CVE/tree/main/TENDA%20AC21%20-%20CVE-2023-24333 Exploit,Third Party Advisory
https://github.com/caoyebo/CVE/tree/main/TENDA%20AC21%20-%20CVE-2023-24333 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24333, you might also want to check these: