CVE-2023-37717 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2023-37717?

CVE-2023-37717 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on affected Tenda routers via a stack overflow in the fromDhcpListClient function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter, potentially gaining full control of the device. All users running the specified Tenda router models with vulnerable firmware versions are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Tenda routers via a stack overflow in the fromDhcpListClient function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter, potentially gaining full control of the device. All users running the specified Tenda router models with vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Tenda F1202
Tenda FH1202
Tenda AC10
Tenda AC1206
Tenda AC7
Tenda AC5
Tenda AC9

Versions: F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, AC9 V3.0

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web management interface. Devices with default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available in GitHub repository. Exploitation requires network access to the router's management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for your model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected routers from critical networks and internet exposure

Access Control

linux

Restrict access to router management interface using firewall rules

iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

Replace affected devices with supported models from different vendors
Implement strict network segmentation to isolate vulnerable routers

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface and compare with affected versions list

Check Version:

curl -s http://router-ip/ | grep -i version

Verify Fix Applied:

Verify firmware version has been updated to a version not listed in affected versions

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to router management interface
Multiple failed login attempts followed by successful access
Unexpected firmware modification logs

Network Indicators:

Unusual outbound connections from router
Traffic patterns indicating command and control communication
Port scanning originating from router

SIEM Query:

source="router_logs" AND (url="*fromDhcpListClient*" OR method="POST" AND uri="*cgi-bin*" AND size>1000)

📊 Metadata

CVE ID: CVE-2023-37717

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: July 14, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md Exploit,Third Party Advisory
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37717, you might also want to check these: