CVE-2023-44019

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10U routers via a stack-based overflow in the GetParentControlInfo function. An attacker exploits it by sending a specially crafted HTTP request that carries an oversized value in the vulnerable parameter. All users of the affected router model and firmware version are at risk.

💻 Affected Systems

Products:
  • Tenda AC10U
Versions: v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Only this specific firmware version is confirmed vulnerable. Other versions may also be affected but not verified.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise leading to persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠 Likely Case: Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢 If Mitigated: Limited impact if the device is behind a firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web interfaces accessible from WAN.
🏢 Internal Only: MEDIUM - Attackers could exploit from compromised internal systems or via phishing/malware.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains a detailed analysis and proof-of-concept. Exploitation requires sending a crafted HTTP request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware for the AC10U.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management
  Applies to: all
  Purpose: Prevent external access to the router web interface
  Steps: Log into router admin > Advanced > System Tools > Remote Management > Disable

Network Segmentation
  Applies to: all
  Purpose: Isolate the router management interface from untrusted networks
  Steps: Configure firewall rules to block WAN access to the router admin interface (typically port 80/443)

🧯 If You Can't Patch

  • Replace vulnerable router with different model/brand
  • Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface, under the System Status or Firmware Upgrade page.

Check Version:

curl -s http://router-ip/goform/getStatus | grep -i version

Verify Fix Applied:

Verify that the firmware version has changed from the vulnerable version V15.03.06.49 to a newer version.
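The firmware string on this page ("US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01") contains two V-prefixed tokens, so a naive search picks up "V1.0" instead of the build version. The helper below, added here as an example and not part of the original page or any Tenda tooling, extracts the build version as a numeric tuple and compares it with the confirmed-vulnerable version. The three-state result mirrors the page: equal means confirmed vulnerable, older is unverified (the page does not confirm other versions), newer is what "Verify Fix Applied" expects. The input strings in the test are constructed examples.

```python
import re

# Build version the page confirms as vulnerable: V15.03.06.49
VULNERABLE_VERSION = (15, 3, 6, 49)

# Require at least three dotted components so the short "V1.0" hardware
# token inside the firmware string is skipped and only the build version
# (V15.03.06.49) matches.
VERSION_RE = re.compile(r"V(\d+(?:\.\d+){2,})")


def extract_version(firmware_string):
    """Return the build version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(firmware_string)
    if m is None:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def assess(firmware_string):
    """Classify a firmware string relative to the confirmed-vulnerable build.

    'vulnerable'       - exactly the version the page confirms
    'unverified-older' - older build; page says other versions are unverified
    'newer'            - a later build, i.e. what a successful upgrade shows
    'unknown'          - no recognisable version token
    """
    version = extract_version(firmware_string)
    if version is None:
        return "unknown"
    if version == VULNERABLE_VERSION:
        return "vulnerable"
    if version < VULNERABLE_VERSION:
        return "unverified-older"
    return "newer"


if __name__ == "__main__":
    # Firmware string taken from the Affected Systems section above.
    print(assess("US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01"))
```

Feed it the version line from the admin page or from the curl output above; anything other than "newer" means the upgrade has not taken effect.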

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to /goform/GetParentControlInfo
  • Multiple failed login attempts followed by exploitation attempts
  • Router reboot logs after exploitation

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known C2 servers
  • Port scanning originating from router

SIEM Query:

source="router.log" AND ("GetParentControlInfo" OR "mac parameter overflow")
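The SIEM query above matches on the endpoint name alone. The script below, added here as an example and not taken from the original page, turns the first log indicator into concrete detection logic: it parses access-log lines, flags POST requests to /goform/GetParentControlInfo, and additionally flags a "mac" parameter whose length is far beyond any textual MAC address (17 characters), which is the signature of an overflow attempt. The log lines are constructed and use a Combined-Log-like format as an assumption; the real router log format is not given on the page. The 32-character threshold is also an assumption. One caveat: ordinary access logs do not record POST bodies, so a parameter sent in the body rather than the query string is only visible to a proxy or IDS that inspects the request body.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory text above.
VULN_ENDPOINT = "/goform/GetParentControlInfo"
SUSPECT_PARAM = "mac"
# A MAC address in any common textual form is at most 17 characters
# (aa:bb:cc:dd:ee:ff). The threshold is an assumption for this example.
MAX_SANE_MAC_LEN = 32

# Constructed sample lines in a Combined-Log-like format (assumption; not the
# router's real log format). 203.0.113.7 is a documentation-range address.
SAMPLE_LOG = """\
192.168.0.10 - - [12/Oct/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.10 - - [12/Oct/2023:10:01:05 +0000] "GET /goform/GetParentControlInfo?mac=aa:bb:cc:dd:ee:ff HTTP/1.1" 200 88
203.0.113.7 - - [12/Oct/2023:10:02:30 +0000] "POST /goform/GetParentControlInfo?mac=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 500 0
203.0.113.7 - - [12/Oct/2023:10:02:31 +0000] "POST /goform/GetParentControlInfo HTTP/1.1" 200 88
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Split one access-log line into fields; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["params"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def classify(entry):
    """Return the indicator tags that apply to one parsed request."""
    tags = []
    if entry["path"] != VULN_ENDPOINT:
        return tags
    if entry["method"] == "POST":
        tags.append("post_to_vuln_endpoint")
    for value in entry["params"].get(SUSPECT_PARAM, []):
        if len(value) > MAX_SANE_MAC_LEN:
            tags.append("oversized_mac_param")
    # A 5xx on this endpoint often means the handler crashed.
    if entry["status"].startswith("5"):
        tags.append("server_error")
    return tags


def scan(log_text):
    """Return (ip, timestamp, tags) for every line that trips an indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        tags = classify(entry)
        if tags:
            hits.append((entry["ip"], entry["ts"], tags))
    return hits


if __name__ == "__main__":
    for ip, ts, tags in scan(SAMPLE_LOG):
        print(f"{ts} {ip} {','.join(tags)}")
```

The legitimate GET with a well-formed MAC produces no alert, while the two POSTs from the same external address are flagged; correlating "oversized_mac_param" with a following "server_error" or a router reboot (the third log indicator above) gives a higher-confidence signal than the endpoint name alone.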
