CVE-2024-30624 – This CVE describes a stack overflow vulnerabili... (How to Fix)

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda FH1205 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the saveParentControlInfo function. The vulnerability affects Tenda FH1205 routers running firmware version 2.0.0.7(775). Attackers can potentially gain full control of affected devices.

💻 Affected Systems

Products:

Tenda FH1205

Versions: v2.0.0.7(775)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. Devices with default configurations are vulnerable.

📦 What is this software?

Fh1205 Firmware by Tenda

View all CVEs affecting Fh1205 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, allowing attackers to intercept network traffic, install malware, or pivot to internal networks.

🟠

Likely Case

Remote code execution resulting in device takeover, enabling attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available in GitHub repository. Exploitation appears straightforward based on available documentation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for FH1205
3. Access router admin interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router after update

🔧 Temporary Workarounds

Disable Parent Control Feature

all

Disable the vulnerable parent control functionality if not needed

Network Segmentation

all

Isolate affected routers from critical network segments

🧯 If You Can't Patch

Place routers behind firewalls with strict inbound filtering
Disable remote administration and WAN-side management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 2.0.0.7(775), device is vulnerable.

Check Version:

Check router web interface or use nmap/router scanning tools to identify firmware version

Verify Fix Applied:

Verify firmware version has been updated to a version later than 2.0.0.7(775)

📡 Detection & Monitoring

Log Indicators:

Unusual requests to saveParentControlInfo endpoint
Multiple failed authentication attempts
Unexpected configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic patterns suggesting device compromise
Port scanning originating from router

SIEM Query:

source_ip=router_ip AND (uri CONTAINS 'saveParentControlInfo' OR status_code=500)

📊 Metadata

CVE ID: CVE-2024-30624

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 29, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30624, you might also want to check these: