CVE-2024-30626 – This CVE describes a stack overflow vulnerabili... (How to Fix)

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda FH1205 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the setSchedWifi function. The vulnerability affects users of Tenda FH1205 routers with vulnerable firmware versions. Attackers can potentially gain full control of affected devices.

💻 Affected Systems

Products:

Tenda FH1205

Versions: v2.0.0.7(775)

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the router. The vulnerability is in the schedEndTime parameter handling.

📦 What is this software?

Fh1205 Firmware by Tenda

View all CVEs affecting Fh1205 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, allowing attackers to install malware, pivot to internal networks, or create persistent backdoors.

🟠

Likely Case

Device crash/reboot (denial of service) or limited code execution to modify device settings and network configuration.

🟢

If Mitigated

No impact if device is patched or network segmentation prevents access to vulnerable interface.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to the web management interface. The GitHub reference contains technical details about the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for FH1205
3. Access router web interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router after update

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace affected devices with patched or different models
Implement strict network access controls to limit who can reach router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or similar section

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is newer than v2.0.0.7(775) after update

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts to router web interface
Unusual POST requests to setSchedWifi endpoint

Network Indicators:

Unusual traffic patterns to router management port (typically 80/443)
Exploit attempt patterns in HTTP requests

SIEM Query:

source_ip="router_ip" AND (http_uri="/goform/setSchedWifi" OR http_user_agent_contains="exploit")

📊 Metadata

CVE ID: CVE-2024-30626

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 29, 2024

Last Updated: March 13, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30626, you might also want to check these: