CVE-2023-48111 – This vulnerability in Tenda AX1803 routers allo... (How to Fix)

Q: What is the severity of CVE-2023-48111?

CVE-2023-48111 has a CVSS score of 7.5 (HIGH). This vulnerability in Tenda AX1803 routers allows attackers to trigger a stack overflow via the time parameter in the saveParentControlInfo function, leading to Denial of Service (DoS). Attackers can crash the device remotely, disrupting network connectivity. Only users running Tenda AX1803 v1.0.0.1 are affected.

📋 TL;DR

This vulnerability in Tenda AX1803 routers allows attackers to trigger a stack overflow via the time parameter in the saveParentControlInfo function, leading to Denial of Service (DoS). Attackers can crash the device remotely, disrupting network connectivity. Only users running Tenda AX1803 v1.0.0.1 are affected.

💻 Affected Systems

Products:

Tenda AX1803

Versions: v1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. The saveParentControlInfo function is part of the web management interface.

📦 What is this software?

Ax1803 Firmware by Tenda

View all CVEs affecting Ax1803 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical power cycle, extended network downtime, and potential for remote code execution if stack overflow can be controlled.

🟠

Likely Case

Router becomes unresponsive, requiring reboot and causing temporary network disruption for connected devices.

🟢

If Mitigated

No impact if device is patched or not exposed to untrusted networks.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing, and this vulnerability can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to disrupt local network services.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is well-documented with public proof-of-concept available. Exploitation requires sending a specially crafted HTTP request to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If update available, download and install via router web interface. 3. Reboot router after installation.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Access router admin panel -> Advanced Settings -> Remote Management -> Disable

Restrict web interface access

all

Limit access to router management interface to trusted IPs only

Access router admin panel -> Security -> Access Control -> Add trusted IP ranges

🧯 If You Can't Patch

Replace vulnerable router with different model or vendor
Place router behind firewall with strict inbound filtering

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface: Login -> System Status -> Firmware Version

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer v1.0.0.1 after update

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/saveParentControlInfo with malformed time parameter
Router crash/reboot logs
Unusual traffic patterns to router management interface

Network Indicators:

HTTP POST requests with unusually long time parameter values
Traffic to router port 80/443 from unexpected sources

SIEM Query:

source="router.log" AND (url="/goform/saveParentControlInfo" OR "ParentControlInfo") AND time_parameter_length>100

📊 Metadata

CVE ID: CVE-2023-48111

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: November 20, 2023

Last Updated: November 21, 2024

🔗 References

http://tjr181.com/index.php/archives/13/ Exploit,Third Party Advisory
http://tjr181.com/index.php/archives/13/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-48111, you might also want to check these: