Login Sign Up

CVE-2024-32317

7.5 HIGH
Remote Code Execution

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda AC10 routers that allows attackers to execute arbitrary code by sending specially crafted requests to the adslPwd parameter. The vulnerability affects users running vulnerable firmware versions on Tenda AC10 routers. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Tenda AC10
Versions: V16.03.10.13 and V16.03.10.20
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of the router. The vulnerability is in the formWanParameterSetting function.

📦 What is this software?

Ac10 Firmware by Tenda

View all CVEs affecting Ac10 Firmware →

Ac10 Firmware by Tenda

View all CVEs affecting Ac10 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network traffic interception, and lateral movement into connected networks.

🟠

Likely Case

Router compromise allowing attackers to modify DNS settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if the router is behind a firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the router's web interface. The vulnerability is well-documented in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for AC10. 3. Log into router admin panel. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable WAN Management

all

Prevent external access to the router's management interface

Change Default Credentials

all

Use strong, unique passwords for router administration

🧯 If You Can't Patch

  • Isolate the router on a separate VLAN with strict firewall rules
  • Implement network monitoring for unusual traffic patterns from the router

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel under System Status or System Tools

Check Version:

Log into router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version is no longer V16.03.10.13 or V16.03.10.20

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts
  • Unusual POST requests to formWanParameterSetting
  • Router configuration changes

Network Indicators:

  • Unexpected outbound connections from router
  • DNS hijacking patterns
  • Port scanning originating from router

SIEM Query:

source="router_logs" AND (uri="/goform/formWanParameterSetting" OR message="adslPwd")

📊 Metadata

CVE ID: CVE-2024-32317
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
CWE: CWE-121
Published: April 17, 2024
Last Updated: March 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32317, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)