CVE-2024-30645 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-30645?

CVE-2024-30645 has a CVSS score of 8.0 (HIGH). This CVE describes a command injection vulnerability in Tenda AC15 routers where an attacker can execute arbitrary commands via the deviceName parameter. This allows remote code execution on affected devices, potentially compromising the entire network. Users of Tenda AC15 routers with firmware version V15.03.20_multi are affected.

📋 TL;DR

This CVE describes a command injection vulnerability in Tenda AC15 routers where an attacker can execute arbitrary commands via the deviceName parameter. This allows remote code execution on affected devices, potentially compromising the entire network. Users of Tenda AC15 routers with firmware version V15.03.20_multi are affected.

💻 Affected Systems

Products:

Tenda AC15

Versions: V15.03.20_multi

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version mentioned; other versions may or may not be vulnerable.

📦 What is this software?

Ac15 Firmware by Tenda

View all CVEs affecting Ac15 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router leading to full network access, data exfiltration, installation of persistent backdoors, and use as a pivot point to attack other devices on the network.

🟠

Likely Case

Router takeover allowing network traffic interception, DNS hijacking, credential theft, and deployment of malware to connected devices.

🟢

If Mitigated

Limited impact with proper network segmentation, firewall rules, and monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers from the internet.

🏢 Internal Only: MEDIUM - Attackers could exploit this from within the network if they gain initial access through other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability appears to be exploitable without authentication based on the CWE-78 classification and available references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

Check Tenda's official website for firmware updates. If available, download the latest firmware, log into router admin interface, navigate to firmware upgrade section, upload the new firmware file, and apply it.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with a different model that receives security updates
Implement strict firewall rules to block all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Log into router web interface and check firmware version in system settings

Verify Fix Applied:

Verify firmware version has been updated to a version newer than V15.03.20_multi

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in router logs
Multiple failed login attempts followed by successful access
Changes to device name containing shell metacharacters

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs from router
DNS queries to suspicious domains

SIEM Query:

source="router_logs" AND (deviceName CONTAINS ";" OR deviceName CONTAINS "|" OR deviceName CONTAINS "`" OR deviceName CONTAINS "$")

📊 Metadata

CVE ID: CVE-2024-30645

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: March 29, 2024

Last Updated: April 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30645, you might also want to check these: