CVE-2023-37144 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2023-37144?

CVE-2023-37144 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC10 routers by injecting malicious commands into the mac parameter of the formWriteFacMac function. Attackers can gain full control of affected devices, potentially compromising network security. Users running Tenda AC10 v15.03.06.26 firmware are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC10 routers by injecting malicious commands into the mac parameter of the formWriteFacMac function. Attackers can gain full control of affected devices, potentially compromising network security. Users running Tenda AC10 v15.03.06.26 firmware are affected.

💻 Affected Systems

Products:

Tenda AC10

Versions: v15.03.06.26

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific firmware version. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ac10 Firmware by Tendacn

View all CVEs affecting Ac10 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to persistent backdoor installation, network traffic interception, credential theft, and lateral movement to other network devices.

🟠

Likely Case

Router compromise allowing attackers to modify DNS settings, intercept traffic, deploy malware to connected devices, or use the router as part of a botnet.

🟢

If Mitigated

Limited impact if device is behind strict firewall rules, not internet-facing, and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers worldwide.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, but requires local network presence.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details available in GitHub repository. Command injection vulnerabilities are typically easy to weaponize once details are public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates. 2. Download latest firmware for AC10 model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router after update completes.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router administration interface

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict firewall rules blocking all inbound traffic to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly v15.03.06.26, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Update section

Verify Fix Applied:

Verify firmware version has changed from v15.03.06.26 to a newer version after update.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in router logs
Multiple failed login attempts followed by successful access
Unexpected firmware modification attempts

Network Indicators:

Unusual outbound connections from router
DNS hijacking patterns
Traffic redirection to suspicious IPs

SIEM Query:

source="router_logs" AND ("formWriteFacMac" OR "mac parameter" OR command_injection)

📊 Metadata

CVE ID: CVE-2023-37144

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: July 7, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md Exploit,Third Party Advisory
https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37144, you might also want to check these: