CVE-2024-10130 – This critical vulnerability in Tenda AC8 router... (How to Fix)

📋 TL;DR

This critical vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the reboot timer configuration function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running the vulnerable firmware version are at risk.

💻 Affected Systems

Products:

Tenda AC8

Versions: 16.03.34.06

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. The vulnerable endpoint is accessible via web interface.

📦 What is this software?

Ac8 Firmware by Tenda

View all CVEs affecting Ac8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point into internal networks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal threats could still exploit it.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for AC8 model
3. Access router admin interface
4. Navigate to System Tools > Firmware Upgrade
5. Upload and install new firmware
6. Reboot router after installation

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Network segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace affected devices with different models or brands
Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Access router web interface, navigate to System Status or About page, check firmware version matches 16.03.34.06

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version has changed from 16.03.34.06 to a newer version after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetSysAutoRebbotCfg
Multiple failed reboot attempts
Unexpected configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting command and control
Port scanning originating from router

SIEM Query:

source="router_logs" AND (uri="/goform/SetSysAutoRebbotCfg" OR message="rebootTime")

📊 Metadata

CVE ID: CVE-2024-10130

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: October 18, 2024

Last Updated: October 28, 2024

🔗 References

https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.280918 Permissions Required
https://vuldb.com/?id.280918 Permissions Required
https://vuldb.com/?submit.422141 Third Party Advisory
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10130, you might also want to check these: