CVE-2023-49427

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in Tenda AX12 routers allows remote attackers to cause a denial of service by sending specially crafted requests to the SetNetControlList function. The affected firmware is Tenda AX12 V22.03.01.46. An attacker can crash the device or potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Tenda AX12
Versions: V22.03.01.46
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version only. Other Tenda models or different firmware versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement to connected networks.

🟠 Likely Case

Denial of service causing router reboot or crash, disrupting network connectivity for all connected devices.

🟢 If Mitigated

Limited to DoS with proper network segmentation and firewall rules blocking external access to router management interfaces.

🌐 Internet-Facing: HIGH - Router management interfaces are often exposed to WAN by default, allowing direct remote exploitation.
🏢 Internal Only: MEDIUM - Requires attacker to be on local network, but many routers have vulnerable web interfaces accessible from LAN.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates exploitation via HTTP POST request with oversized list parameter. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware for the AX12.
3. Access the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable remote management (platform: all)

Prevent external access to the router web interface:

Access router admin > Advanced > System Tools > Remote Management > Disable

Block management interface ports (platform: linux)

Firewall rules to block access to the router web interface from the WAN side. <wan-iface> is a placeholder for the router's WAN interface name; without an interface match the rules also block administration from the LAN:

iptables -A INPUT -i <wan-iface> -p tcp --dport 80 -j DROP
iptables -A INPUT -i <wan-iface> -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Segment router management interface to isolated VLAN
  • Implement strict firewall rules allowing only trusted IPs to access router management

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or System Tools

Check Version:

curl -s http://router-ip/ | grep -i firmware

Replace router-ip with the router's LAN address. If the command returns nothing, check the web interface manually.

Verify Fix Applied:

Verify that the firmware version shown after the update no longer reads V22.03.01.46.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /goform/SetNetControlList with large payloads
  • Router crash/reboot logs
  • Unusual traffic to router management interface

Network Indicators:

  • HTTP requests with oversized list parameters to router IP
  • Multiple connection attempts to router ports 80/443

SIEM Query:

source="router.log" AND ("SetNetControlList" OR ("POST /goform/" AND content_length>1000))
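The log and network indicators above, applied to captured HTTP requests, as an added example that is not part of the original advisory: it parses a raw request and reports which indicators fire. The 1000-byte content-length threshold comes from the SIEM query; the per-field threshold, the request builder and the sample requests are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Endpoint named in the advisory and the content-length threshold from its SIEM query.
SUSPECT_PATH = "/goform/SetNetControlList"
CONTENT_LENGTH_THRESHOLD = 1000
# Assumed cap for a single form field; tune it to the size of legitimate requests.
FIELD_LENGTH_THRESHOLD = 512


def parse_http_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into method, path, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def score_request(raw: bytes) -> list:
    """Return the names of the advisory's indicators triggered by one request."""
    req = parse_http_request(raw)
    hits = []
    if req["method"] == "POST" and req["path"].startswith(SUSPECT_PATH):
        hits.append("post_to_SetNetControlList")
    # Trust neither the declared nor the actual body length alone; take the larger.
    declared = int(req["headers"].get("content-length", "0") or 0)
    if req["path"].startswith("/goform/") and max(declared, len(req["body"])) > CONTENT_LENGTH_THRESHOLD:
        hits.append("oversized_goform_post")
    if req["path"].startswith(SUSPECT_PATH):
        fields = parse_qsl(req["body"].decode("latin-1"), keep_blank_values=True)
        if any(len(value) > FIELD_LENGTH_THRESHOLD for _, value in fields):
            hits.append("oversized_form_field")
    return hits


def build_request(path: str, body: bytes) -> bytes:
    """Assemble a form POST the way a capture tool would hand it to us (constructed helper)."""
    head = (f"POST {path} HTTP/1.1\r\nHost: 192.168.0.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


# Constructed samples: an ordinary-sized request and one carrying an oversized field.
BENIGN = build_request(SUSPECT_PATH, b"enable=1&mode=0")
SUSPICIOUS = build_request(SUSPECT_PATH, b"data=" + b"A" * 1500)

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, score_request(raw))
```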
