CVE-2024-35578

8.0 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AX1806 routers via a stack overflow in the formSetIptv function. Attackers can exploit this by sending a specially crafted request whose adv.iptv.stballvlans parameter triggers the overflow. All users of affected Tenda AX1806 routers are at risk.

💻 Affected Systems

Products:
  • Tenda AX1806
Versions: v1.0.0.1
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Confirmed for this specific firmware version; other versions may also be vulnerable, but this is unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠 Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as part of a botnet.

🟢 If Mitigated

Denial of service or temporary disruption if exploit fails or is detected by security controls.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access, but internet-facing exposure is more dangerous.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Detailed technical analysis and proof-of-concept available in public references. The vulnerability appears straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates.
2. Download the latest firmware for AX1806.
3. Log into router admin interface.
4. Navigate to firmware upgrade section.
5. Upload and apply the new firmware.
6. Wait for router to restart.

🔧 Temporary Workarounds

Disable remote administration

Prevent external access to the router administration interface.

Network segmentation

Isolate the router management interface to trusted network segments only.

🧯 If You Can't Patch

  • Disable the IPTV feature if not needed
  • Implement strict firewall rules to limit access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is v1.0.0.1, device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Version page.

Verify Fix Applied:

Verify firmware version has been updated to a version later than v1.0.0.1.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to formSetIptv endpoint
  • Large payloads sent to adv.iptv.stballvlans parameter
  • Router crash or restart logs

Network Indicators:

  • HTTP requests with oversized stballvlans parameter values
  • Traffic patterns suggesting exploit attempts

SIEM Query:

http.method:POST AND http.uri:*formSetIptv* AND http.param.stballvlans:*
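
The log and network indicators above can be checked offline against exported proxy or IDS logs. The following is an added example, not code from the advisory or from Tenda; it assumes a hypothetical JSON-lines schema with `src`, `method`, `uri` and `body` fields and an assumed 64-byte length threshold, since the page states no safe length.

```python
import json
from urllib.parse import parse_qsl

PARAM = "adv.iptv.stballvlans"  # parameter named in the advisory
HANDLER = "formSetIptv"         # handler named in the advisory
# Assumption: the advisory gives no safe length. Set this just above the
# longest value your own legitimate IPTV configuration produces.
MAX_VALUE_BYTES = 64

def scan(log_text, limit=MAX_VALUE_BYTES):
    """Return one finding per POST whose PARAM value exceeds `limit` bytes."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(rec, dict) or str(rec.get("method", "")).upper() != "POST":
            continue
        # latin-1 turns every %XX escape into one character, so len() below
        # counts decoded bytes rather than the longer encoded form.
        pairs = parse_qsl(str(rec.get("body", "")), keep_blank_values=True,
                          encoding="latin-1")
        # A request may repeat the parameter; judge it by the longest copy.
        sizes = [len(v) for k, v in pairs if k == PARAM]
        if sizes and max(sizes) > limit:
            # The URI path is not given on the page, so it is recorded, not required.
            findings.append({"line": lineno, "src": rec.get("src"),
                             "value_bytes": max(sizes),
                             "uri_names_handler": HANDLER in str(rec.get("uri", ""))})
    return findings

def _rec(src, method, uri, body):
    return json.dumps({"src": src, "method": method, "uri": uri, "body": body})

# Constructed sample log (hypothetical schema, documentation IPs, placeholder path).
SAMPLE_LOG = "\n".join([
    _rec("192.0.2.10", "POST", "/PLACEHOLDER/formSetIptv", PARAM + "=10,20,30&x=1"),
    _rec("198.51.100.7", "POST", "/PLACEHOLDER/formSetIptv", PARAM + "=" + "A" * 600),
    _rec("198.51.100.8", "POST", "/PLACEHOLDER/other", PARAM + "=" + "%41" * 100),
    "not json at all",
    _rec("192.0.2.11", "GET", "/index.html", ""),
])

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Correlate any finding with the router crash or restart logs listed above, using the source address and timestamp from your own log schema.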

🔗 References
