Login Sign Up

CVE-2024-30630

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2024-30630 is a critical stack overflow vulnerability in Tenda FH1205 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the saveParentControlInfo function. This affects all users running Tenda FH1205 v2.0.0.7(775) firmware who have the web interface accessible.

💻 Affected Systems

Products:
  • Tenda FH1205
Versions: v2.0.0.7(775)
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware version are vulnerable. The web interface is typically enabled by default.

📦 What is this software?

Fh1205 Firmware by Tenda

View all CVEs affecting Fh1205 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to connected devices, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attacker to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with no external access to web interface, though internal threats remain.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via the web interface which is typically exposed to the internet on consumer routers.
🏢 Internal Only: HIGH - Even internally, any attacker on the local network can exploit this vulnerability to compromise the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists in GitHub repository. Exploitation requires sending malformed time parameter to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for FH1205. 3. Log into router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload new firmware file. 6. Wait for reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Change Default Admin Credentials

all

Mitigate unauthorized access attempts

🧯 If You Can't Patch

  • Isolate router on separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious traffic to/from router

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or System Tools > Firmware Upgrade page

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer v2.0.0.7(775) after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/saveParentControlInfo
  • Multiple failed login attempts followed by successful access

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs from router

SIEM Query:

source="router.log" AND (uri="/goform/saveParentControlInfo" OR "time parameter overflow")

📊 Metadata

CVE ID: CVE-2024-30630
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: March 29, 2024
Last Updated: March 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30630, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)