CVE-2024-33181

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC18 routers via a stack-based buffer overflow in the addWifiMacFilter function. Attackers can exploit it by sending a specially crafted request in which the deviceMac parameter triggers the overflow, potentially gaining full control of affected devices. It affects Tenda AC18 routers running firmware version V15.03.3.10_EN.

💻 Affected Systems

Products:
  • Tenda AC18
Versions: V15.03.3.10_EN
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web management interface's addWifiMacFilter functionality, which is typically accessible via the router's web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, credential theft, and lateral movement to other network devices.

🟠 Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢 If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted, though local network attacks may still be possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a web form handler, making it relatively easy to exploit with publicly available technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Tenda's official website for firmware updates. If available, download the latest firmware and apply it through the router's web interface under System Tools > Firmware Upgrade.

🔧 Temporary Workarounds

Disable Remote Management
Platform: all

Prevent external access to the router's web interface

Access router web interface > Advanced > System Tools > Remote Management > Disable

Restrict Access via Firewall
Platform: linux

Block access to the router's web interface from untrusted networks

iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Replace affected routers with updated models or with models from a different vendor
  • Segment network to isolate vulnerable routers from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface: System Status > Firmware Version. If the version is V15.03.3.10_EN, the device is vulnerable.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After updating firmware, verify the version no longer matches V15.03.3.10_EN and test that the addWifiMacFilter endpoint no longer accepts malformed deviceMac parameters.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/addWifiMacFilter
  • Large or malformed deviceMac parameter values in web logs
  • Router reboot or crash logs

Network Indicators:

  • HTTP POST requests to router IP on port 80/tcp with oversized deviceMac parameter
  • Unusual outbound connections from router

SIEM Query:

source="router-logs" AND (uri="/goform/addWifiMacFilter" AND deviceMac.length>50)
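
The log indicators and SIEM query above, written out as a small detector. This is an added example, not code from the advisory or from Tenda. The log line layout and the sample lines are constructed for illustration, and the MAC-format check is an assumption added on top of the page's length threshold of 50.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/goform/addWifiMacFilter"   # path named in the log indicators above
MAX_LEN = 50                            # same threshold as the SIEM query above
# Assumption: a legitimate deviceMac is a 17-character colon/dash separated MAC.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

# Constructed log layout for this example: <src> <method> <uri> body="<form body>"
LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) body="(?P<body>[^"]*)"$')

def classify(line):
    """Return (src, reason) for a suspicious request, or None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    if m["uri"].split("?", 1)[0] != ENDPOINT:
        return None
    # keep_blank_values so an empty deviceMac is still inspected
    fields = parse_qs(m["body"], keep_blank_values=True)
    for value in fields.get("deviceMac", []):
        if len(value) > MAX_LEN:
            return (m["src"], f"oversized deviceMac ({len(value)} chars)")
        if not MAC_RE.match(value):
            return (m["src"], "malformed deviceMac")
    return None

def scan(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.168.1.23 POST /goform/addWifiMacFilter body="deviceMac=AA%3ABB%3ACC%3ADD%3AEE%3AFF"',
    '192.168.1.77 POST /goform/addWifiMacFilter body="deviceMac=' + "A" * 300 + '"',
    '192.168.1.50 POST /goform/addWifiMacFilter body="deviceMac=not-a-mac"',
    '192.168.1.23 GET /goform/getStatus body=""',
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_LOG):
        print(f"ALERT {src}: {reason}")
```

Pair hits from this check with the "router reboot or crash" indicator: an oversized deviceMac followed shortly by a restart of the device is a stronger signal than either alone.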
