CVE-2023-51954 – CVE-2023-51954 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2023-51954?

CVE-2023-51954 has a CVSS score of 9.8 (CRITICAL). CVE-2023-51954 is a critical stack overflow vulnerability in Tenda AX1803 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the iptv.stb.port parameter. This affects all users running the vulnerable firmware version, potentially giving attackers full control over the router.

📋 TL;DR

CVE-2023-51954 is a critical stack overflow vulnerability in Tenda AX1803 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the iptv.stb.port parameter. This affects all users running the vulnerable firmware version, potentially giving attackers full control over the router.

💻 Affected Systems

Products:

Tenda AX1803

Versions: v1.0.0.1

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Ax1803 Firmware by Tenda

View all CVEs affecting Ax1803 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router compromise, credential theft, network traffic interception, and lateral movement into connected devices.

🟠

Likely Case

Router takeover enabling man-in-the-middle attacks, DNS hijacking, and botnet recruitment.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and strong network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN.

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept demonstrates exploitation via HTTP POST request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. Download latest firmware 3. Access router admin panel 4. Navigate to firmware upgrade section 5. Upload and install new firmware 6. Reboot router

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router admin interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with different model
Place router behind dedicated firewall with strict ingress filtering

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel under System Status or Firmware Upgrade section

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer v1.0.0.1 after update

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/setIptv
Multiple failed login attempts followed by successful exploit

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Port scanning from router IP

SIEM Query:

source="router.log" AND ("formSetIptv" OR "iptv.stb.port") AND status=200

📊 Metadata

CVE ID: CVE-2023-51954

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 10, 2024

Last Updated: June 3, 2025

🔗 References

https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 Exploit,Third Party Advisory
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-51954, you might also want to check these: