CVE-2024-30628 – CVE-2024-30628 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2024-30628?

CVE-2024-30628 has a CVSS score of 9.8 (CRITICAL). CVE-2024-30628 is a critical stack overflow vulnerability in Tenda FH1205 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the fromAddressNat function. This affects all users running Tenda FH1205 v2.0.0.7(775) firmware, potentially giving attackers full control of the device.

📋 TL;DR

CVE-2024-30628 is a critical stack overflow vulnerability in Tenda FH1205 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the fromAddressNat function. This affects all users running Tenda FH1205 v2.0.0.7(775) firmware, potentially giving attackers full control of the device.

💻 Affected Systems

Products:

Tenda FH1205

Versions: v2.0.0.7(775)

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. No special configuration required.

📦 What is this software?

Fh1205 Firmware by Tenda

View all CVEs affecting Fh1205 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, credential theft, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢

If Mitigated

Limited impact if device is behind firewall with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.

🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised devices on the same network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available in GitHub repository. Exploit requires sending crafted HTTP request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via router admin interface. 3. Reboot router after update. 4. Verify firmware version changed from v2.0.0.7(775).

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router admin interface

Login to router admin panel -> Advanced Settings -> Remote Management -> Disable

Network Segmentation

all

Isolate router management interface to trusted network

Configure firewall rules to restrict access to router IP on port 80/443 to trusted IPs only

🧯 If You Can't Patch

Replace vulnerable device with different model or vendor
Place router behind dedicated firewall with strict inbound filtering

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly v2.0.0.7(775), device is vulnerable.

Check Version:

Login to router admin panel (typically http://192.168.0.1) and check System Status or Firmware Update section.

Verify Fix Applied:

Verify firmware version has changed from v2.0.0.7(775) after update. Test with known exploit POC to confirm patched.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to router management interface
Multiple failed login attempts followed by successful access
Unexpected configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs from router
Port scanning originating from router

SIEM Query:

source_ip=router_ip AND (http_method=POST AND uri_contains="fromAddressNat" OR http_status=500)

📊 Metadata

CVE ID: CVE-2024-30628

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 29, 2024

Last Updated: March 14, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_page.md Exploit,Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_page.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30628, you might also want to check these: