Login Sign Up

CVE-2024-32283

7.3 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on Tenda FH1203 routers by injecting malicious commands through the cmdinput parameter in the formexeCommand function. Attackers can gain full control of affected devices, potentially compromising network security. All users running vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • Tenda FH1203 router
Versions: V2.0.1.6 firmware
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Fh1203 Firmware by Tenda

View all CVEs affecting Fh1203 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.

🟠

Likely Case

Unauthorized command execution allowing configuration changes, credential theft, and installation of malware on the router.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, though external exploitation is more likely.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists in GitHub repositories, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates. 2. Download latest firmware for FH1203. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to router admin interface to trusted IP addresses only

Disable Remote Management

all

Turn off remote administration features to prevent external access

🧯 If You Can't Patch

  • Isolate affected routers in separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious command execution attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is V2.0.1.6, device is vulnerable.

Check Version:

Check via router web interface at System Status or About page

Verify Fix Applied:

Verify firmware version has been updated to a version later than V2.0.1.6

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in router logs
  • Multiple failed login attempts followed by successful access
  • Unexpected configuration changes

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs
  • Port scanning originating from router

SIEM Query:

source="router_logs" AND ("formexeCommand" OR "cmdinput" OR suspicious_command_patterns)

📊 Metadata

CVE ID: CVE-2024-32283
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-77
Published: April 17, 2024
Last Updated: March 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32283, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)