CVE-2024-3010 – This critical vulnerability in Tenda FH1205 rou... (How to Fix)

Q: What is the severity of CVE-2024-3010?

CVE-2024-3010 has a CVSS score of 8.8 (HIGH). This critical vulnerability in Tenda FH1205 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the formSetCfm function. Attackers can exploit this without authentication to potentially take full control of affected devices. Only Tenda FH1205 routers running firmware version 2.0.0.7(775) are affected.

📋 TL;DR

This critical vulnerability in Tenda FH1205 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the formSetCfm function. Attackers can exploit this without authentication to potentially take full control of affected devices. Only Tenda FH1205 routers running firmware version 2.0.0.7(775) are affected.

💻 Affected Systems

Products:

Tenda FH1205

Versions: 2.0.0.7(775)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. The web management interface must be accessible for exploitation.

📦 What is this software?

Fh1205 Firmware by Tenda

View all CVEs affecting Fh1205 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal network compromise remains possible.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit code exists.

🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited by any attacker who gains network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on GitHub. The vulnerability requires network access to the router's web interface but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. Contact Tenda support for firmware updates. Consider replacing affected devices if no patch becomes available.

🔧 Temporary Workarounds

Disable remote management

all

Disable WAN-side access to the router's web management interface

Network segmentation

all

Isolate affected routers on separate VLANs with strict firewall rules

🧯 If You Can't Patch

Replace affected Tenda FH1205 routers with different models from vendors that provide security updates
Implement strict network access controls to limit traffic to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at http://[router-ip]/goform/getStatus or via command: curl http://[router-ip]/goform/getStatus | grep version

Check Version:

curl -s http://[router-ip]/goform/getStatus | grep -o '"version":"[^"]*"'

Verify Fix Applied:

Verify firmware version has changed from 2.0.0.7(775) to a newer version

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setcfm with long funcpara1 parameters
Multiple failed authentication attempts followed by successful exploitation

Network Indicators:

Unusual outbound connections from router to unknown IPs
Traffic patterns suggesting router compromise (C2 communications)

SIEM Query:

source="router_logs" AND (url="/goform/setcfm" AND method="POST" AND size>1000) OR (event="buffer_overflow" AND device="Tenda_FH1205")

📊 Metadata

CVE ID: CVE-2024-3010

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 28, 2024

Last Updated: January 15, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formSetCfm.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.258296 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.258296 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.301489 Third Party Advisory,VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formSetCfm.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.258296 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.258296 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.301489 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-3010, you might also want to check these: