CVE-2023-51090 – CVE-2023-51090 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2023-51090?

CVE-2023-51090 has a CVSS score of 9.8 (CRITICAL). CVE-2023-51090 is a critical stack overflow vulnerability in Tenda M3 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the formGetWeiXinConfig function. This affects all users running Tenda M3 V1.0.0.12(4856) firmware. Successful exploitation could lead to complete device compromise.

📋 TL;DR

CVE-2023-51090 is a critical stack overflow vulnerability in Tenda M3 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the formGetWeiXinConfig function. This affects all users running Tenda M3 V1.0.0.12(4856) firmware. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda M3

Versions: V1.0.0.12(4856)

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. No special configuration required.

📦 What is this software?

M3 Firmware by Tenda

View all CVEs affecting M3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router takeover allowing attackers to intercept network traffic, modify DNS settings, and launch attacks against internal devices.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and this vulnerability can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Could still be exploited by malicious insiders or compromised internal devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. Exploitation requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download latest firmware for M3 model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected Tenda M3 routers with different models from other vendors
Implement strict firewall rules to block all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is V1.0.0.12(4856), device is vulnerable.

Check Version:

Access router web interface at http://192.168.0.1 or http://192.168.1.1 and check System Status or Firmware Version page

Verify Fix Applied:

Verify firmware version has been updated to a version later than V1.0.0.12(4856)

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to router management interface
Multiple failed authentication attempts followed by successful access
Unexpected firmware modification logs

Network Indicators:

Unusual outbound connections from router
DNS hijacking patterns
Traffic redirection to suspicious IPs

SIEM Query:

source="router_logs" AND (uri="/goform/GetWeiXinConfig" OR uri="/goform/formGetWeiXinConfig") AND method="POST"

📊 Metadata

CVE ID: CVE-2023-51090

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: December 26, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/GD008/TENDA/blob/main/M3/getWeiXinConfig/M3_getWeiXinConfig.md Exploit,Third Party Advisory
https://github.com/GD008/TENDA/blob/main/M3/getWeiXinConfig/M3_getWeiXinConfig.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-51090, you might also want to check these: