CVE-2024-2705 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-2705?

CVE-2024-2705 has a CVSS score of 8.8 (HIGH). A critical stack-based buffer overflow vulnerability in Tenda AC10U routers allows remote attackers to execute arbitrary code by manipulating the 'list' argument in the formSetQosBand function. This affects Tenda AC10U routers running firmware versions 1.0 through 15.03.06.49. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda AC10U routers allows remote attackers to execute arbitrary code by manipulating the 'list' argument in the formSetQosBand function. This affects Tenda AC10U routers running firmware versions 1.0 through 15.03.06.49. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda AC10U

Versions: 1.0 through 15.03.06.49

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable by default. The web management interface must be accessible for exploitation.

📦 What is this software?

Ac10u Firmware by Tenda

View all CVEs affecting Ac10u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence installation, network pivoting, and data exfiltration.

🟠

Likely Case

Router takeover enabling traffic interception, DNS manipulation, credential theft, and botnet recruitment.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Directly exposed routers can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this if they reach the management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details available on GitHub. The vulnerability requires sending a specially crafted HTTP request to the /goform/SetNetControlList endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. If update available, download and install via web interface 3. Factory reset after update 4. Reconfigure with secure settings

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Access router web interface -> Advanced -> System Tools -> Remote Management -> Disable

Network Segmentation

all

Isolate router management interface to trusted network segment

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

Replace affected routers with supported models from different vendors
Implement strict network access controls to limit exposure of router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface: Login -> Advanced -> System Tools -> Firmware Upgrade

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than 15.03.06.49 or from different vendor

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /goform/SetNetControlList
Multiple failed buffer overflow attempts in system logs

Network Indicators:

HTTP traffic to router IP with unusually long 'list' parameter values
Suspicious payloads in POST requests

SIEM Query:

source="router_logs" AND (uri="/goform/SetNetControlList" AND method="POST" AND size>1024)

📊 Metadata

CVE ID: CVE-2024-2705

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 20, 2024

Last Updated: December 12, 2024

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md Exploit
https://vuldb.com/?ctiid.257456 Permissions Required,VDB Entry
https://vuldb.com/?id.257456 Third Party Advisory,VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md Exploit
https://vuldb.com/?ctiid.257456 Permissions Required,VDB Entry
https://vuldb.com/?id.257456 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-2705, you might also want to check these: