CVE-2024-30602 – CVE-2024-30602 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2024-30602?

CVE-2024-30602 has a CVSS score of 9.8 (CRITICAL). CVE-2024-30602 is a critical stack overflow vulnerability in Tenda FH1203 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the setSchedWifi function. This affects all users running Tenda FH1203 v2.0.1.6 firmware who have the web management interface accessible.

📋 TL;DR

CVE-2024-30602 is a critical stack overflow vulnerability in Tenda FH1203 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the setSchedWifi function. This affects all users running Tenda FH1203 v2.0.1.6 firmware who have the web management interface accessible.

💻 Affected Systems

Products:

Tenda FH1203

Versions: v2.0.1.6

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the web management interface's setSchedWifi function. Default configuration includes the vulnerable interface.

📦 What is this software?

Fh1203 Firmware by Tenda

View all CVEs affecting Fh1203 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, credential theft, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution allowing attacker to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if device is behind firewall with no external access to management interface.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects devices with web management exposed to the internet.

🏢 Internal Only: HIGH - Even internally, any attacker on the local network can exploit this vulnerability to gain full control of the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists in GitHub repositories. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for FH1203. 3. Access router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload new firmware file. 6. Wait for reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the vulnerable web interface

Access router web interface > System Tools > Remote Management > Disable

Restrict Management Interface Access

all

Limit which IP addresses can access the router management interface

Access router web interface > Security > Access Control > Add allowed IP ranges only

🧯 If You Can't Patch

Isolate the router on a separate VLAN with strict firewall rules
Replace the vulnerable device with a different model or manufacturer

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface: System Status > Firmware Version. If version is v2.0.1.6, device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After firmware update, verify version is no longer v2.0.1.6. Test by attempting to send crafted requests to /goform/setSchedWifi endpoint.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/setSchedWifi with long schedStartTime parameters
Unusual process execution in router logs
Configuration changes without authorized user activity

Network Indicators:

Unusual outbound connections from router IP
Traffic to known exploit servers
DNS queries to suspicious domains from router

SIEM Query:

source="router_logs" AND (uri_path="/goform/setSchedWifi" AND content_length>1000) OR (process="malicious_binary" AND host="router_ip")

📊 Metadata

CVE ID: CVE-2024-30602

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: March 28, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30602, you might also want to check these: