CVE-2023-44015 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2023-44015?

CVE-2023-44015 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10U routers by exploiting a stack overflow in the setSchedWifi function. Attackers can gain full control of affected devices by sending specially crafted requests to the vulnerable parameter. This affects all users running the vulnerable firmware version.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10U routers by exploiting a stack overflow in the setSchedWifi function. Attackers can gain full control of affected devices by sending specially crafted requests to the vulnerable parameter. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda AC10U

Versions: v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ac10u Firmware by Tendacn

View all CVEs affecting Ac10u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to persistent backdoor installation, network traffic interception, credential theft, and lateral movement to other network devices.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a botnet node.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces exposed.

🏢 Internal Only: MEDIUM - Attackers could exploit from compromised internal hosts or via phishing/malware.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires sending crafted HTTP requests to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC10U. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Log into router admin > Advanced > System > Remote Management > Disable

Network segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to block external access to router IP on ports 80/443

🧯 If You Can't Patch

Replace affected routers with patched or different vendor models
Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router-ip/ | grep -i firmware or check web interface

Verify Fix Applied:

Verify firmware version is newer than US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to setSchedWifi endpoint
Multiple failed login attempts followed by successful exploitation

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs from router

SIEM Query:

source="router-logs" AND (uri="/goform/setSchedWifi" OR uri="*setSchedWifi*") AND method="POST"

📊 Metadata

CVE ID: CVE-2023-44015

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: September 27, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/aixiao0621/Tenda/blob/main/AC10U/8/0.md Third Party Advisory
https://github.com/aixiao0621/Tenda/blob/main/AC10U/8/0.md Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-44015, you might also want to check these: