CVE-2024-30584 – This CVE describes a stack overflow vulnerabili... (How to Fix)

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda FH1202 routers that allows remote code execution. Attackers can exploit the vulnerability by sending specially crafted requests to the affected function. Users of Tenda FH1202 routers with the vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda FH1202

Versions: v1.2.0.14(408)

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface which is typically enabled by default.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Router takeover allowing attackers to modify DNS settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available in GitHub repository. Exploitation requires network access to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for FH1202
3. Access router web interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace vulnerable device with supported model
Implement strict firewall rules blocking all WAN access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at http://router_ip/

Check Version:

curl -s http://router_ip/ | grep -i firmware

Verify Fix Applied:

Verify firmware version has been updated to a version later than v1.2.0.14(408)

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts
Unusual POST requests to formWifiBasicSet endpoint
Firmware modification logs

Network Indicators:

Unusual outbound connections from router
DNS hijacking patterns
Traffic redirection

SIEM Query:

source="router_logs" AND (uri="/goform/formWifiBasicSet" OR message="stack overflow")

📊 Metadata

CVE ID: CVE-2024-30584

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: March 28, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security.md Broken Link,Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security.md Broken Link,Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30584, you might also want to check these: