CVE-2024-35580 – CVE-2024-35580 is a critical stack buffer overf... (How to Fix)

Q: What is the severity of CVE-2024-35580?

CVE-2024-35580 has a CVSS score of 9.8 (CRITICAL). CVE-2024-35580 is a critical stack buffer overflow vulnerability in Tenda AX1806 routers that allows remote attackers to execute arbitrary code or cause denial of service. Attackers can exploit this by sending specially crafted requests to the vulnerable formSetIptv function. This affects all users of Tenda AX1806 routers with the vulnerable firmware version.

📋 TL;DR

CVE-2024-35580 is a critical stack buffer overflow vulnerability in Tenda AX1806 routers that allows remote attackers to execute arbitrary code or cause denial of service. Attackers can exploit this by sending specially crafted requests to the vulnerable formSetIptv function. This affects all users of Tenda AX1806 routers with the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda AX1806

Versions: v1.0.0.1

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability is in the web management interface's IPTV configuration function. All devices running this firmware version are vulnerable.

📦 What is this software?

Ax1806 Firmware by Tenda

View all CVEs affecting Ax1806 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router crash causing denial of service, potentially requiring physical reset and disrupting network connectivity.

🟢

If Mitigated

Limited impact if network segmentation isolates routers and strict access controls prevent external exploitation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web interfaces accessible from WAN.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but external exposure is more concerning.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires sending crafted HTTP requests to the router's web interface. Public technical details exist, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for AX1806. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface to trusted network

🧯 If You Can't Patch

Implement strict firewall rules to block external access to router web interface (ports 80/443)
Monitor router logs for unusual HTTP requests to formSetIptv endpoint

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status. If version is exactly v1.0.0.1, the device is vulnerable.

Check Version:

Log into router web interface and navigate to System Status page, or check via SSH if enabled: cat /proc/version

Verify Fix Applied:

After updating firmware, verify the version has changed from v1.0.0.1 to a newer version.

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing 'adv.iptv.stbpvid' parameter with unusually long values
Router crash/reboot logs
Failed authentication attempts to web interface

Network Indicators:

Unusual HTTP POST requests to router IP on port 80/443
Traffic patterns suggesting port scanning of router interfaces

SIEM Query:

source="router_logs" AND ("adv.iptv.stbpvid" OR "formSetIptv") AND (content_length>100 OR status_code=500)

📊 Metadata

CVE ID: CVE-2024-35580

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: May 20, 2024

Last Updated: March 17, 2025

🔗 References

https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-formSetIptv-cebf9202122a4582ae86c5253b3f6da3?pvs=4 Broken Link,Exploit,Third Party Advisory
https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-formSetIptv-cebf9202122a4582ae86c5253b3f6da3?pvs=4 Broken Link,Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-35580, you might also want to check these: