CVE-2024-34974 – A buffer overflow vulnerability in Tenda AC18 r... (How to Fix)

📋 TL;DR

A buffer overflow vulnerability in Tenda AC18 routers allows attackers to execute arbitrary code by sending specially crafted requests to the formSetPPTPServer function. This affects users running Tenda AC18 routers with firmware version 15.03.05.19. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

Tenda AC18

Versions: v15.03.05.19

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the PPTP server configuration function specifically. Other Tenda models may be affected but not confirmed.

📦 What is this software?

Ac18 Firmware by Tenda

View all CVEs affecting Ac18 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router crash/reboot causing denial of service, followed by potential remote code execution by skilled attackers.

🟢

If Mitigated

Denial of service only if exploit attempts are blocked or fail to achieve code execution.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.

🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub demonstrates buffer overflow via endIp parameter. No authentication required to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. If update available, download and install via router admin interface
3. Reboot router after installation
4. Verify firmware version is no longer 15.03.05.19

🔧 Temporary Workarounds

Disable PPTP Server

all

Disable the vulnerable PPTP server functionality if not required

Login to router admin interface
Navigate to VPN/PPTP settings
Disable PPTP server

Network Segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to restrict access to router admin interface
Allow only trusted IPs to access management functions

🧯 If You Can't Patch

Replace affected router with different model/vendor
Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is exactly 15.03.05.19, device is vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Update section

Verify Fix Applied:

Verify firmware version has changed from 15.03.05.19 after update. Test PPTP server functionality if kept enabled.

📡 Detection & Monitoring

Log Indicators:

Multiple failed PPTP configuration attempts
Router crash/reboot logs
Unusual traffic to router management interface

Network Indicators:

HTTP POST requests to formSetPPTPServer with malformed endIp parameter
Excessive traffic to router port 80/443

SIEM Query:

source_ip="*" AND dest_ip="router_ip" AND uri="*/goform/setPPTPServer" AND http_method="POST" AND content="*endIp=*"

📊 Metadata

CVE ID: CVE-2024-34974

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE: CWE-125

Published: May 14, 2024

Last Updated: March 17, 2025

🔗 References

https://github.com/hunzi0/Vullnfo/tree/main/Tenda/AC18/formSetPPTPServer Exploit,Third Party Advisory
https://github.com/hunzi0/Vullnfo/tree/main/Tenda/AC18/formSetPPTPServer Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-34974, you might also want to check these: