CVE-2024-30591 – CVE-2024-30591 is a stack overflow vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2024-30591?

CVE-2024-30591 has a CVSS score of 8.8 (HIGH). CVE-2024-30591 is a stack overflow vulnerability in Tenda FH1202 routers that allows remote code execution via the time parameter in the saveParentControlInfo function. Attackers can exploit this to take control of affected routers. Users of Tenda FH1202 routers with vulnerable firmware are affected.

📋 TL;DR

CVE-2024-30591 is a stack overflow vulnerability in Tenda FH1202 routers that allows remote code execution via the time parameter in the saveParentControlInfo function. Attackers can exploit this to take control of affected routers. Users of Tenda FH1202 routers with vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda FH1202

Versions: v1.2.0.14(408)

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web management interface accessible via LAN/WAN. Parental control feature must be enabled.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with persistent backdoor installation, credential theft, and pivot to internal network devices.

🟠

Likely Case

Router takeover leading to DNS hijacking, traffic interception, and denial of service.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and updated firmware.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authentication to router web interface. Proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Log into router admin panel. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent WAN access to router web interface

Restrict LAN access

all

Use firewall rules to limit which devices can access router admin interface

🧯 If You Can't Patch

Isolate router on separate VLAN with strict access controls
Implement network segmentation to limit router compromise impact

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status > Firmware Version

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than v1.2.0.14(408)

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/saveParentControlInfo with long time parameter
Multiple failed authentication attempts followed by successful login

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Port scanning originating from router

SIEM Query:

source="router_logs" AND (uri_path="/goform/saveParentControlInfo" AND param_length>100) OR (event="authentication" AND result="success" AFTER result="failure")

📊 Metadata

CVE ID: CVE-2024-30591

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 28, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_time.md Broken Link,Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_time.md Broken Link,Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30591, you might also want to check these: