CVE-2024-0992 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-0992?

CVE-2024-0992 has a CVSS score of 7.2 (HIGH). A critical stack-based buffer overflow vulnerability exists in Tenda i6 routers version 1.0.0.9(3857). Remote attackers can exploit this via the HTTP interface to potentially execute arbitrary code or crash the device. This affects all users running the vulnerable firmware.

📋 TL;DR

A critical stack-based buffer overflow vulnerability exists in Tenda i6 routers version 1.0.0.9(3857). Remote attackers can exploit this via the HTTP interface to potentially execute arbitrary code or crash the device. This affects all users running the vulnerable firmware.

💻 Affected Systems

Products:

Tenda i6 router

Versions: 1.0.0.9(3857)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the httpd component handling WiFi SSID configuration. Default configuration is vulnerable as the web management interface is typically enabled.

📦 What is this software?

I6 Firmware by Tenda

View all CVEs affecting I6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, router takeover, credential theft, and lateral movement into connected networks.

🟠

Likely Case

Device crash causing denial of service, potentially requiring physical reset and disrupting network connectivity.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted HTTP access, though still vulnerable to internal threats.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP interface, which is typically internet-accessible on routers.

🏢 Internal Only: HIGH - Even internally, the HTTP management interface is usually accessible and vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly disclosed. The vulnerability requires no authentication and has straightforward exploitation path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider replacing affected devices or implementing workarounds.

🔧 Temporary Workarounds

Disable HTTP management interface

all

Disable the web management interface or restrict access to trusted IPs only

Access router admin panel → System Tools → Remote Management → Disable or restrict IP range

Change default management port

all

Change HTTP management port from default 80 to non-standard port

Access router admin panel → System Tools → Remote Management → Change HTTP port

🧯 If You Can't Patch

Isolate affected routers in separate network segment with strict firewall rules
Implement network monitoring for exploitation attempts and device crashes

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin panel: Login → System Status → Firmware Version

Check Version:

Check web interface at http://router-ip or use router admin panel

Verify Fix Applied:

No fix available to verify. Monitor for device stability and absence of crashes.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /goform/wifiSSIDset with abnormal parameters
Device crash/reboot logs
Unusual process creation

Network Indicators:

HTTP POST requests to /goform/wifiSSIDset with long index parameter
Sudden loss of router connectivity

SIEM Query:

http.url:"/goform/wifiSSIDset" AND http.method:POST AND (http.request.body:*index=* OR http.request.body.length>100)

📊 Metadata

CVE ID: CVE-2024-0992

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: January 29, 2024

Last Updated: November 21, 2024

🔗 References

https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4 Exploit,Permissions Required,Third Party Advisory
https://vuldb.com/?ctiid.252257 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.252257 Permissions Required,Third Party Advisory,VDB Entry
https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4 Exploit,Permissions Required,Third Party Advisory
https://vuldb.com/?ctiid.252257 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.252257 Permissions Required,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0992, you might also want to check these: