CVE-2023-37715 – This vulnerability is a stack overflow in Tenda... (How to Fix)

Q: What is the severity of CVE-2023-37715?

CVE-2023-37715 has a CVSS score of 9.8 (CRITICAL). This vulnerability is a stack overflow in Tenda F1202 and FH1202 routers that allows remote code execution. Attackers can exploit it by sending specially crafted requests to the vulnerable frmL7ProtForm function. Users of affected router models with vulnerable firmware versions are at risk.

📋 TL;DR

This vulnerability is a stack overflow in Tenda F1202 and FH1202 routers that allows remote code execution. Attackers can exploit it by sending specially crafted requests to the vulnerable frmL7ProtForm function. Users of affected router models with vulnerable firmware versions are at risk.

💻 Affected Systems

Products:

Tenda F1202
Tenda FH1202

Versions: F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web management interface. All devices running these firmware versions are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, and lateral movement to connected devices.

🟠

Likely Case

Router takeover enabling DNS hijacking, credential theft, and botnet recruitment.

🟢

If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering and regular firmware updates.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces exposed.

🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists in GitHub repository. Exploitation requires network access to router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for your model. 3. Log into router admin panel. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface to trusted network

🧯 If You Can't Patch

Replace affected routers with supported models
Implement strict firewall rules blocking all inbound traffic to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel under System Status or Firmware Upgrade section

Check Version:

Login to router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version is newer than affected versions listed above

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/frmL7ProtForm
Unusual process execution in router logs
Failed authentication attempts followed by exploitation

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Traffic patterns indicating command and control

SIEM Query:

source="router_logs" AND (uri="/goform/frmL7ProtForm" OR process="exploit")

📊 Metadata

CVE ID: CVE-2023-37715

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: July 14, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fmL7ProtForm/reprot.md Exploit,Third Party Advisory
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fmL7ProtForm/reprot.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37715, you might also want to check these: