CVE-2024-30587 – CVE-2024-30587 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2024-30587?

CVE-2024-30587 has a CVSS score of 9.8 (CRITICAL). CVE-2024-30587 is a critical stack overflow vulnerability in Tenda FH1202 routers that allows remote code execution. Attackers can exploit the 'urls' parameter in the saveParentControlInfo function to crash the device or execute arbitrary code. This affects all users running the vulnerable firmware version.

📋 TL;DR

CVE-2024-30587 is a critical stack overflow vulnerability in Tenda FH1202 routers that allows remote code execution. Attackers can exploit the 'urls' parameter in the saveParentControlInfo function to crash the device or execute arbitrary code. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda FH1202

Versions: v1.2.0.14(408)

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the web management interface's parent control feature. No special configuration is required for exploitation.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution leading to device takeover, enabling attackers to modify router settings, intercept traffic, or use the device as a botnet node.

🟢

If Mitigated

Denial of service through device crash if exploit fails to achieve code execution, requiring physical reset.

🌐 Internet-Facing: HIGH - The vulnerable function is accessible via web interface, making internet-exposed devices immediately vulnerable to remote attacks.

🏢 Internal Only: MEDIUM - Devices behind firewalls are still vulnerable to internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code is available in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If update available, download and install via web interface. 3. Reboot router after installation. 4. Verify firmware version is no longer v1.2.0.14(408).

🔧 Temporary Workarounds

Disable web management interface

all

Prevent access to the vulnerable function by disabling the router's web interface

Access router settings via SSH/Telnet if available and disable web interface

Network segmentation

all

Isolate vulnerable routers from critical network segments

Configure firewall rules to restrict access to router management interface

🧯 If You Can't Patch

Replace vulnerable devices with patched or different model routers
Implement strict network access controls to limit exposure of router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at 192.168.0.1 or 192.168.1.1, login and navigate to System Status

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer v1.2.0.14(408) and test if saveParentControlInfo function still accepts malformed urls parameter

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/saveParentControlInfo with long urls parameter
Router crash/reboot logs
Multiple failed login attempts followed by exploitation attempts

Network Indicators:

HTTP requests with unusually long parameters to router management interface
Traffic patterns suggesting router compromise (unexpected outbound connections)

SIEM Query:

source="router_logs" AND (uri_path="/goform/saveParentControlInfo" AND parameter_length>1000) OR (event_type="crash" AND device_model="FH1202")

📊 Metadata

CVE ID: CVE-2024-30587

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: March 28, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md Broken Link,Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md Broken Link,Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30587, you might also want to check these: