CVE-2024-28383

9.8 CRITICAL

📋 TL;DR

This vulnerability is a stack overflow in Tenda AX12 routers that allows remote attackers to execute arbitrary code by sending a specially crafted SSID parameter. It affects Tenda AX12 v1.0 routers running firmware version 22.03.01.16. Attackers can exploit this without authentication to potentially take full control of affected routers.

💻 Affected Systems

Products:
  • Tenda AX12 v1.0
Versions: v22.03.01.16
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default web interface configuration. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete router compromise, allowing attackers to intercept traffic, modify DNS settings, install malware, or use the router as a pivot point into internal networks.

🟠 Likely Case

Router compromise leading to man-in-the-middle attacks, credential theft, and network disruption for affected users.

🟢 If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering, though internal network compromise remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains analysis and likely exploit code. The vulnerability requires no authentication and has low exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates.
2. Download the latest firmware for AX12 v1.0.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management (applies to: all)

Prevents external attackers from accessing the vulnerable interface.

How: Log into the router admin interface and disable 'Remote Management' or 'Web Management from WAN'.

Network Segmentation (applies to: all)

Isolates the router management interface from untrusted networks.

How: Configure firewall rules to block external access to router management ports (typically 80/443).

🧯 If You Can't Patch

  • Replace affected routers with different models that are not vulnerable
  • Place routers behind dedicated firewalls with strict inbound filtering rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

Log into router web interface and check System Status page

Verify Fix Applied:

Verify firmware version is newer than v22.03.01.16 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to router management interface with long SSID parameters
  • Multiple failed login attempts followed by exploitation attempts

Network Indicators:

  • External IP addresses accessing router management ports
  • Unusual outbound traffic from router to unknown destinations

SIEM Query:

source_ip=EXTERNAL AND dest_port IN (80,443) AND http_method=POST AND uri_contains="set" AND param_length>1000
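
The SIEM pseudo-query above can be turned into concrete log triage. The following Python script is an added example, not part of the original advisory: it parses a constructed, simplified request log format (timestamp, source IP, destination port, method, URI, form-encoded body), flags POSTs to a "set" endpoint on a management port whose longest parameter exceeds the 1000-character threshold the query uses, and separately flags requests from outside RFC 1918 space. The log format, the `/example/set_wifi` path and the internal-network assumption are all constructed for the example; the real AX12 endpoint is not stated on this page.

```python
"""Defender-side triage of router management requests (constructed example).

Flags (1) POSTs to a management port whose URI contains "set" and whose
longest form parameter exceeds the SIEM query's 1000-character threshold, and
(2) management requests arriving from non-RFC 1918 sources.
"""
import ipaddress
from urllib.parse import parse_qs

# Threshold taken from the advisory's SIEM query (param_length > 1000).
LONG_PARAM_THRESHOLD = 1000
# Management ports named in the advisory's workaround section.
MANAGEMENT_PORTS = {80, 443}
# Assumption: the management interface should only be reached from LAN space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log lines: "<ts> <src_ip> <dst_port> <method> <uri> <body>".
# The path /example/set_wifi is a placeholder, not the router's real endpoint.
SAMPLE_LOG = [
    "2024-03-10T12:00:01Z 192.168.0.20 80 POST /example/set_wifi ssid=HomeNet&key=secret",
    "2024-03-10T12:00:07Z 203.0.113.5 80 POST /example/set_wifi ssid=" + "A" * 1200,
    "2024-03-10T12:00:09Z 198.51.100.7 443 GET /example/status -",
]


def is_external(ip: str) -> bool:
    """True if the source address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, src, dport, method, uri, body = line.split(" ", 5)
    return {"ts": ts, "src": src, "dport": int(dport),
            "method": method, "uri": uri, "body": body}


def longest_param(body: str) -> tuple:
    """Return (name, length) of the longest value in a form-encoded body."""
    best = ("", 0)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if len(value) > best[1]:
                best = (name, len(value))
    return best


def analyze(line: str) -> list:
    """Return a list of finding tags for one log line (empty if benign)."""
    rec = parse_line(line)
    findings = []
    if rec["method"] != "POST" or rec["dport"] not in MANAGEMENT_PORTS:
        return findings
    name, length = longest_param(rec["body"])
    if "set" in rec["uri"].lower() and length > LONG_PARAM_THRESHOLD:
        findings.append(f"long_param:{name}:{length}")
    if is_external(rec["src"]):
        findings.append("external_source")
    return findings


def scan(lines) -> list:
    """Return (timestamp, source, findings) for every line that raised a flag."""
    hits = []
    for line in lines:
        findings = analyze(line)
        if findings:
            rec = parse_line(line)
            hits.append((rec["ts"], rec["src"], findings))
    return hits


if __name__ == "__main__":
    for ts, src, findings in scan(SAMPLE_LOG):
        print(ts, src, ", ".join(findings))
```

Only the second constructed line is reported, with both the over-long `ssid` value and the external source flagged; a benign LAN-side configuration change and a GET from outside produce nothing. In practice the two flags are worth keeping separate: an over-long SSID parameter from inside the LAN still matters (a compromised client can reach the interface), while any management traffic from the WAN is a policy violation on its own.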
