CVE-2024-30604 – Tenda FH1203 router firmware version 2.0.1.6 co... (How to Fix)

Q: What is the severity of CVE-2024-30604?

CVE-2024-30604 has a CVSS score of 7.5 (HIGH). Tenda FH1203 router firmware version 2.0.1.6 contains a stack overflow vulnerability in the fromDhcpListClient function's list1 parameter. This allows attackers to execute arbitrary code or cause denial of service by sending specially crafted requests. Users with Tenda FH1203 routers running the vulnerable firmware are affected.

📋 TL;DR

Tenda FH1203 router firmware version 2.0.1.6 contains a stack overflow vulnerability in the fromDhcpListClient function's list1 parameter. This allows attackers to execute arbitrary code or cause denial of service by sending specially crafted requests. Users with Tenda FH1203 routers running the vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda FH1203

Versions: v2.0.1.6

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only; other versions may or may not be vulnerable.

📦 What is this software?

Fh1203 Firmware by Tenda

View all CVEs affecting Fh1203 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement to connected networks.

🟠

Likely Case

Denial of service causing router crashes and network disruption, potentially requiring physical reset.

🟢

If Mitigated

Limited impact with proper network segmentation and firewall rules blocking external access to management interfaces.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and this vulnerability can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists in GitHub repositories; exploitation requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for FH1203. 3. Access router admin panel. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router management interface

Network segmentation

all

Isolate router management interface to trusted network segments only

🧯 If You Can't Patch

Replace affected router with a different model or vendor
Implement strict firewall rules blocking all external access to router management ports (typically 80/443)

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel; if version is exactly 2.0.1.6, device is vulnerable.

Check Version:

Connect to router admin interface (typically http://192.168.0.1) and check System Status or Firmware Version page.

Verify Fix Applied:

After firmware update, verify version number has changed from 2.0.1.6 in router admin interface.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests to /goform/DhcpListClient endpoint
Router crash/reboot events in system logs
Multiple failed authentication attempts followed by exploitation attempts

Network Indicators:

Unusual traffic patterns to router management interface from external IPs
HTTP POST requests with abnormally long list1 parameter values

SIEM Query:

source="router_logs" AND (uri_path="/goform/DhcpListClient" OR event_description="system reboot" OR event_description="crash")

📊 Metadata

CVE ID: CVE-2024-30604

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: March 28, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30604, you might also want to check these: