Login Sign Up

CVE-2024-30589

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda FH1202 routers that allows remote code execution. Attackers can exploit the 'entrys' parameter in the fromAddressNat function to crash the device or execute arbitrary code. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:
  • Tenda FH1202 router
Versions: v1.2.0.14(408)
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Only this specific firmware version is confirmed vulnerable. Other versions may also be affected but not verified.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent backdoor installation, network traffic interception, and lateral movement to connected devices.

🟠

Likely Case

Router crash requiring physical reset, temporary network disruption, or limited code execution for reconnaissance.

🟢

If Mitigated

Denial of service with no persistent compromise if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-exposed devices immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to pivot within the network, but requires initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates. 2. Download latest firmware for FH1202. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to trusted network segment only

🧯 If You Can't Patch

  • Replace affected router with different model or vendor
  • Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly v1.2.0.14(408), device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Information page

Verify Fix Applied:

After firmware update, verify version has changed from v1.2.0.14(408) to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to router management interface
  • Router crash/reboot logs
  • Memory corruption errors in system logs

Network Indicators:

  • Unusual traffic patterns to router management port (typically 80/443)
  • Exploit-specific payload patterns in network traffic

SIEM Query:

source="router_logs" AND ("fromAddressNat" OR "entrys" OR "stack overflow")

📊 Metadata

CVE ID: CVE-2024-30589
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: March 28, 2024
Last Updated: March 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30589, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)