CVE-2024-12002 – This vulnerability in Tenda FH series routers a... (How to Fix)

Q: What is the severity of CVE-2024-12002?

CVE-2024-12002 has a CVSS score of 4.3 (MEDIUM). This vulnerability in Tenda FH series routers allows remote attackers to cause a denial-of-service (DoS) by sending specially crafted requests to the /goform/GetIPTV endpoint. The null pointer dereference in the websReadEvent function can crash the device when manipulated Content-Length values are provided. Affected users include anyone running vulnerable Tenda FH451, FH1201, FH1202, or FH1206 routers.

📋 TL;DR

This vulnerability in Tenda FH series routers allows remote attackers to cause a denial-of-service (DoS) by sending specially crafted requests to the /goform/GetIPTV endpoint. The null pointer dereference in the websReadEvent function can crash the device when manipulated Content-Length values are provided. Affected users include anyone running vulnerable Tenda FH451, FH1201, FH1202, or FH1206 routers.

💻 Affected Systems

Products:

Tenda FH451
Tenda FH1201
Tenda FH1202
Tenda FH1206

Versions: All versions up to 20241129

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface component. Devices with default configurations that expose management interfaces are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attacker causes permanent device crash requiring physical reset or power cycle, disrupting all network connectivity.

🟠

Likely Case

Temporary service disruption causing router reboot or network downtime until device restarts automatically.

🟢

If Mitigated

Minimal impact with proper network segmentation and firewall rules blocking external access to router management interfaces.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-exposed routers particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to disrupt network connectivity within the local network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code available on GitHub. Simple HTTP request manipulation required. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: No

Instructions:

Check Tenda website for firmware updates. If update available: 1. Download latest firmware from vendor site. 2. Log into router admin interface. 3. Navigate to firmware update section. 4. Upload and apply new firmware. 5. Wait for router to reboot.

🔧 Temporary Workarounds

Block External Access to Management Interface

all

Configure firewall to block inbound connections to router web interface (typically port 80/443) from external networks.

Disable Remote Management

all

Turn off remote management feature in router settings to prevent external access to vulnerable endpoint.

🧯 If You Can't Patch

Segment network to isolate routers from untrusted networks
Implement strict firewall rules blocking all external access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version date is 20241129 or earlier, device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Version page.

Verify Fix Applied:

After firmware update, verify version shows date after 20241129. Test by attempting to send crafted request to /goform/GetIPTV endpoint.

📡 Detection & Monitoring

Log Indicators:

Multiple connection attempts to /goform/GetIPTV
Router crash/reboot events in system logs
Unusual Content-Length values in HTTP requests

Network Indicators:

HTTP POST requests to /goform/GetIPTV with manipulated Content-Length headers
Sudden loss of connectivity to router management interface

SIEM Query:

http.url:"/goform/GetIPTV" AND http.method:POST AND (http.content_length:<0 OR http.content_length:>1000000)

📊 Metadata

CVE ID: CVE-2024-12002

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-404

Published: November 30, 2024

Last Updated: December 10, 2024

🔗 References

https://github.com/Kalvin2077/tenda-fh-cve Exploit,Third Party Advisory
https://vuldb.com/?ctiid.286417 Permissions Required,VDB Entry
https://vuldb.com/?id.286417 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.453974 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12002, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fh1201 Firmware by Tenda

Fh1201 Firmware by Tenda

Fh1202 Firmware by Tenda

Fh1202 Firmware by Tenda

Fh1202 Firmware by Tenda

Fh1206 Firmware by Tenda

Fh451 Firmware by Tenda

Fh451 Firmware by Tenda

Fh451 Firmware by Tenda

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Block External Access to Management Interface

Disable Remote Management

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities