CVE-2024-10281

8.8 HIGH

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda RX9 and RX9 Pro routers allows remote attackers to execute arbitrary code by manipulating the SetStaticRouteCfg function. This affects users running vulnerable firmware versions on these specific router models. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Tenda RX9
  • Tenda RX9 Pro
Versions: 22.03.02.10, 22.03.02.20
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface's SetStaticRouteCfg endpoint. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full router compromise, credential theft, network traffic interception, and lateral movement to internal devices.

🟠 Likely Case

Router takeover enabling man-in-the-middle attacks, DNS hijacking, and creation of persistent backdoor access.

🟢 If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering and not internet-facing.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making exposed routers immediate targets.
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised devices on the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available on Gitee. Remote exploitation without authentication makes this highly attractive to attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware for your model.
3. Access the router admin interface.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate vulnerable routers from critical network segments.

Access Control (platform: linux)

Block external access to the router management interface. The two rules below drop every request to TCP ports 80 and 443 on the INPUT chain, so they also lock out LAN-side administration; they assume shell access to the router (or a Linux gateway in front of it) and should be scoped to the WAN interface with -i <wan-interface> if local admin access must remain available.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Replace vulnerable routers with patched or different models
  • Implement strict network monitoring for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface under the System Status or Firmware Upgrade section.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Confirm that the firmware version is newer than 22.03.02.20 and test whether the SetStaticRouteCfg endpoint still exists.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/SetStaticRouteCfg
  • Router reboot events
  • Failed authentication attempts to admin interface

Network Indicators:

  • Unusual outbound connections from router
  • DNS configuration changes
  • New static route entries

SIEM Query:

source="router.log" AND (uri="/goform/SetStaticRouteCfg" OR "buffer overflow" OR "segmentation fault")
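The log indicators above as a small triage script, added here as an example and not part of this advisory: it parses constructed router access-log lines in an assumed field layout and flags POSTs to /goform/SetStaticRouteCfg that come from a non-LAN source or carry a body far larger than a static-route update needs.

```python
import re
from typing import Dict, List

# Constructed sample log lines (not real Tenda output). Assumed field layout:
# <timestamp> <client-ip> <method> <uri> <status> <request-body-bytes>
SAMPLE_LOG = """\
2024-11-12T10:01:02Z 192.168.0.10 GET /goform/getStatus 200 0
2024-11-12T10:03:44Z 203.0.113.5 POST /goform/SetStaticRouteCfg 200 4096
2024-11-12T10:04:10Z 192.168.0.10 POST /goform/SetStaticRouteCfg 200 96
2024-11-12T10:05:00Z 192.168.0.11 POST /login/Auth 401 64
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<uri>\S+) "
    r"(?P<status>\d{3}) (?P<req_len>\d+)$"
)

VULN_URI = "/goform/SetStaticRouteCfg"
# A static-route update carries a handful of short fields; a body this large is
# out of profile for the endpoint. The threshold is an assumption, tune it to your logs.
BODY_THRESHOLD = 1024


def is_rfc1918(ip: str) -> bool:
    """True for private LAN addresses (10/8, 172.16/12, 192.168/16)."""
    return ip.startswith(("10.", "192.168.")) or any(
        ip.startswith(f"172.{n}.") for n in range(16, 32)
    )


def find_suspicious_requests(log_text: str) -> List[Dict[str, str]]:
    """Return every POST to the vulnerable endpoint, tagged with why it stands out."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["uri"] != VULN_URI:
            continue
        reasons = []
        if not is_rfc1918(m["src"]):
            reasons.append("non-LAN source")
        if int(m["req_len"]) >= BODY_THRESHOLD:
            reasons.append("oversized body")
        hits.append({"ts": m["ts"], "src": m["src"],
                     "reasons": ", ".join(reasons) or "endpoint hit (review)"})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Every hit on the endpoint is reported, since a legitimate LAN-side route change is rare enough to be worth a look; the reasons field separates the ones that need immediate attention.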
