CVE-2023-50991

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in Tenda i29 routers allows remote attackers to cause denial of service by sending specially crafted requests to the pingSet function. This affects users running vulnerable firmware versions on Tenda i29 devices. The vulnerability is exploitable without authentication.

💻 Affected Systems

Products:
  • Tenda i29
Versions: 1.0 V1.0.0.5 and 1.0 V1.0.0.2
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable in default configuration. The web management interface is typically exposed on port 80.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, persistent backdoor installation, or bricking of the device requiring hardware replacement.

🟠 Likely Case: Denial of service causing router reboot or crash, disrupting network connectivity for all connected devices.

🟢 If Mitigated: Limited to denial of service with automatic recovery after reboot if exploit attempts are blocked at the network perimeter.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing router interfaces.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to disrupt network connectivity within the local network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates DoS exploitation. The buffer overflow nature suggests potential for RCE with additional research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for i29 model
3. Access router web interface
4. Navigate to System Tools > Firmware Upgrade
5. Upload and apply new firmware
6. Wait for automatic reboot

🔧 Temporary Workarounds

Block web interface access (Linux)

Restrict access to the router web management interface from untrusted networks:

iptables -A INPUT -p tcp --dport 80 ! -s 192.168.0.0/16 -j DROP
iptables -A INPUT -p tcp --dport 443 ! -s 192.168.0.0/16 -j DROP

Disable remote management (all platforms)

Turn off the remote management feature in the router settings.

🧯 If You Can't Patch

  • Isolate vulnerable routers in separate network segment with strict firewall rules
  • Replace vulnerable devices with updated models or different vendor products

🔍 How to Verify

Check if Vulnerable:

In the router web interface, go to System Status > Firmware Version and check whether the version matches one of the affected versions.

Check Version:

curl -s http://router-ip/ | grep -i firmware || wget -qO- http://router-ip/ | grep -i firmware

Verify Fix Applied:

Verify that the firmware version has changed from the affected versions and that ping functionality works normally.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed ping requests
  • Router reboot events
  • Web interface access with malformed pingIp parameter

Network Indicators:

  • HTTP POST requests to /goform/pingSet with oversized pingIp parameter
  • Sudden loss of router connectivity

SIEM Query:

source="router.log" AND ("pingSet" OR "pingIp") AND (content_length>100 OR status=500)
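
The network indicator above (a POST to /goform/pingSet with an oversized pingIp), written as detection logic over proxy or capture records. This is an added example, not code from the advisory or the vendor; the 64-character threshold, the record layout and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

PING_PATH = "/goform/pingSet"  # endpoint named on this page
PING_PARAM = "pingIp"          # parameter named on this page
MAX_PINGIP_LEN = 64            # assumption: tune locally; IPv4 text is at most 15 chars


def inspect_request(method, url, body):
    """Return a finding dict if the request matches the indicator, else None."""
    if method.upper() != "POST" or urlsplit(url).path != PING_PATH:
        return None
    # parse_qs percent-decodes values, so the length is measured after decoding
    params = parse_qs(body, keep_blank_values=True)
    longest = max((len(v) for v in params.get(PING_PARAM, [])), default=0)
    if longest > MAX_PINGIP_LEN:
        return {"path": PING_PATH, "param": PING_PARAM, "length": longest}
    return None


def scan(records):
    """records: iterable of (src_ip, method, url, body) tuples (assumed layout)."""
    findings = []
    for src, method, url, body in records:
        hit = inspect_request(method, url, body)
        if hit:
            hit["src"] = src
            findings.append(hit)
    return findings


# Constructed sample records, not real traffic
SAMPLE = [
    ("192.168.0.10", "POST", "/goform/pingSet", "pingIp=192.168.0.1"),
    ("203.0.113.7", "POST", "/goform/pingSet?x=1", "pingIp=" + "x" * 300),
    ("192.168.0.11", "GET", "/index.html", ""),
    ("203.0.113.7", "POST", "/goform/other", "pingIp=" + "x" * 300),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the second sample record is flagged: the first carries a normal address, the third is not a POST, and the fourth targets a different path.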
