CVE-2024-10280

6.5 MEDIUM

📋 TL;DR

A null pointer dereference vulnerability in Tenda routers allows remote attackers to cause denial of service by manipulating the Content-Length argument handled by the websReadEvent function. It affects multiple Tenda AC series router models with firmware versions up to October 22, 2024. Attackers can exploit it remotely without authentication to crash the router's web service.

💻 Affected Systems

Products:
  • Tenda AC6
  • Tenda AC7
  • Tenda AC8
  • Tenda AC9
  • Tenda AC10
  • Tenda AC10U
  • Tenda AC15
  • Tenda AC18
  • Tenda AC500
  • Tenda AC1206
Versions: All versions up to 20241022
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected models with firmware versions up to October 22, 2024 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Router becomes completely unresponsive requiring physical reboot, potentially disrupting all network connectivity for connected devices.

🟠 Likely Case

Web management interface becomes unavailable, requiring router reboot to restore functionality.

🟢 If Mitigated

Minimal impact if routers are behind firewalls with restricted WAN access to management interfaces.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication, and routers are typically internet-facing devices.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates.
2. Download latest firmware for your model.
3. Access router web interface.
4. Navigate to firmware upgrade section.
5. Upload and install new firmware.
6. Reboot router after installation.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Restrict Management Interface Access

all

Limit access to router web interface to trusted IP addresses only

🧯 If You Can't Patch

  • Place routers behind firewalls with strict inbound rules blocking access to ports 80/443
  • Implement network segmentation to isolate routers from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface under the System Status or About page. If the version date is 20241022 or earlier, the router is vulnerable.

Check Version:

No CLI command available. Must check via web interface at http://router-ip/ or router admin panel.

Verify Fix Applied:

After the firmware update, verify that the version shows a date later than 20241022 and test that the web interface remains stable.

📡 Detection & Monitoring

Log Indicators:

  • Multiple connection attempts to /goform/GetIPTV
  • Web service crash logs
  • Router reboot events without user action

Network Indicators:

  • HTTP requests with manipulated Content-Length headers to router IP
  • Sudden loss of connectivity to router management interface

SIEM Query:

source="router_logs" AND (uri="/goform/GetIPTV" OR event="web_service_crash")
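
The indicators above can also be checked offline against exported logs. The following is an added example, not code from the vendor or from this advisory: it scans events for requests to /goform/GetIPTV, Content-Length values that are not plain decimal integers, repeated requests from one source, and crash events. The JSON-lines format, the field names, the sample events and the threshold of 3 are assumptions made for illustration.

```python
import json
import re
from collections import Counter

WATCHED_URI = "/goform/GetIPTV"   # endpoint named in the page's log indicators
REPEAT_THRESHOLD = 3              # assumption: "multiple attempts" = 3+ per source
DIGITS = re.compile(r"[0-9]+")    # a valid Content-Length is decimal digits only

# Constructed sample events in a hypothetical JSON-lines sensor format.
SAMPLE_EVENTS = """
{"src": "198.51.100.7", "uri": "/goform/GetIPTV", "content_length": "12x"}
{"src": "198.51.100.7", "uri": "/goform/GetIPTV", "content_length": "27"}
{"src": "198.51.100.7", "uri": "/goform/GetIPTV", "content_length": "27"}
{"src": "192.0.2.44", "uri": "/index.html", "content_length": "0"}
{"src": "203.0.113.9", "uri": "/goform/GetIPTV?x=1", "content_length": null}
{"event": "web_service_crash"}
"""

def analyze(lines):
    """Return a list of (reason, detail) alerts for the given JSON log lines."""
    alerts, hits = [], Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank lines or lines written in another format
        if not isinstance(ev, dict):
            continue
        if ev.get("event") == "web_service_crash":
            alerts.append(("web_service_crash", "router"))
            continue
        path = str(ev.get("uri", "")).split("?", 1)[0]  # ignore query string
        if path != WATCHED_URI:
            continue
        src = ev.get("src", "unknown")
        hits[src] += 1
        length = ev.get("content_length")
        # The page does not say how the header is manipulated, so flag any
        # value that is present but not a plain non-negative decimal integer.
        if length is not None and not DIGITS.fullmatch(str(length)):
            alerts.append(("bad_content_length", src))
    for src, count in hits.items():
        if count >= REPEAT_THRESHOLD:
            alerts.append(("repeated_requests", src))
    return alerts

if __name__ == "__main__":
    for reason, detail in analyze(SAMPLE_EVENTS.splitlines()):
        print(reason, detail)
```

An absent Content-Length is not flagged, since requests without a body legitimately omit it.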
