CVE-2024-35571

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AX1806 routers via a stack overflow in the formSetIptv function. Attackers trigger it by sending requests to the web management interface with a specially crafted iptv.stb.mode parameter. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:
  • Tenda AX1806
Versions: v1.0.0.1
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of the router. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to router takeover, network traffic interception, lateral movement to connected devices, and persistent backdoor installation.

🟠 Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the router as a pivot point for further attacks.

🟢 If Mitigated

Denial of service if the exploit fails or is detected by security controls, with potential for temporary service disruption.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to remote attackers.
🏢 Internal Only: MEDIUM - If routers are behind firewalls or not directly exposed, risk is reduced but still present from internal threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Detailed technical analysis and proof-of-concept are publicly available. Exploitation requires sending crafted HTTP requests to the router's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware.
3. Access the router web interface.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Wait for the router to reboot.

🔧 Temporary Workarounds

  • Disable remote management (applies to: all): prevent external access to the router web interface
  • Network segmentation (applies to: all): isolate the router management interface from untrusted networks

🧯 If You Can't Patch

  • Replace affected routers with different models
  • Implement strict firewall rules to block access to router management interface from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface (typically at 192.168.0.1 or 192.168.1.1) under the System Status or About page.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Confirm that the firmware version reported after the update is no longer v1.0.0.1.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to formSetIptv endpoint
  • Large payloads sent to iptv.stb.mode parameter
  • Router crash or reboot logs

Network Indicators:

  • HTTP requests with oversized iptv.stb.mode parameters
  • Traffic to router management interface from unexpected sources

SIEM Query:

source="router_logs" AND (uri="/goform/formSetIptv" OR parameter="iptv.stb.mode") AND size>1000
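The indicators above, turned into a small detection routine as an added example (not code from the advisory or from Tenda). It assumes request records with src, method, uri and body fields, a trusted management network of 192.168.0.0/24, and reuses the 1000-byte threshold from the SIEM query; the sample requests are constructed.

```python
# Added example: flag HTTP requests matching the CVE-2024-35571 indicators
# (oversized iptv.stb.mode sent to /goform/formSetIptv, and management
# traffic from unexpected sources). Field names, the trusted network and
# the sample records are assumptions for this example.
import ipaddress
from urllib.parse import parse_qs, urlsplit

FORM_SET_IPTV = "/goform/formSetIptv"
VULN_PARAM = "iptv.stb.mode"
SIZE_THRESHOLD = 1000  # bytes; mirrors the size>1000 clause of the SIEM query
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumed trusted LAN


def vuln_param_length(request):
    """Longest iptv.stb.mode value in the query string or form body (0 if absent)."""
    query = urlsplit(request["uri"]).query
    longest = 0
    for raw in (query, request.get("body", "")):
        for value in parse_qs(raw, keep_blank_values=True).get(VULN_PARAM, []):
            longest = max(longest, len(value))
    return longest


def from_unexpected_source(request):
    """True when the client address lies outside the assumed management networks."""
    addr = ipaddress.ip_address(request["src"])
    return not any(addr in net for net in MGMT_NETS)


def classify(request):
    """Return the indicator names the request triggers (empty list = benign)."""
    hits = []
    if urlsplit(request["uri"]).path != FORM_SET_IPTV:
        return hits
    if vuln_param_length(request) > SIZE_THRESHOLD:
        hits.append("oversized iptv.stb.mode")
    if from_unexpected_source(request):
        hits.append("formSetIptv from unexpected source")
    return hits


SAMPLE_REQUESTS = [  # constructed records, not real captures
    {"src": "203.0.113.7", "method": "POST", "uri": FORM_SET_IPTV,
     "body": "iptv.stb.mode=" + "A" * 2048},
    {"src": "192.168.0.10", "method": "POST", "uri": FORM_SET_IPTV,
     "body": "iptv.stb.mode=disable&iptv.enable=0"},
    {"src": "192.168.0.10", "method": "GET", "uri": "/goform/getStatus", "body": ""},
]


def scan(requests=SAMPLE_REQUESTS):
    """Pair each matching request's source with its indicators, e.g. for a SIEM feed."""
    return [(r["src"], classify(r)) for r in requests if classify(r)]


if __name__ == "__main__":
    for src, hits in scan():
        print(src, ", ".join(hits))
```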
