CVE-2024-4065 – This critical vulnerability in Tenda AC8 router... (How to Fix)

Q: What is the severity of CVE-2024-4065?

CVE-2024-4065 has a CVSS score of 8.8 (HIGH). This critical vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the reboot timer function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running vulnerable firmware versions are at risk.

📋 TL;DR

This critical vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the reboot timer function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running vulnerable firmware versions are at risk.

💻 Affected Systems

Products:

Tenda AC8

Versions: 16.03.34.09

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. The vulnerable endpoint is accessible via web interface.

📦 What is this software?

Ac8 Firmware by Tenda

View all CVEs affecting Ac8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Remote code execution leading to device takeover, botnet enrollment, or credential theft from connected devices.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-exposed devices immediate targets.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details are available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via web interface. 3. Factory reset after update. 4. Reconfigure settings securely.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the vulnerable web interface

Access router admin panel -> System -> Remote Management -> Disable

Network segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to block external access to port 80/443 on router

🧯 If You Can't Patch

Replace affected devices with supported models from different vendors
Deploy network-based intrusion prevention systems to detect and block exploit attempts

🔍 How to Verify

Check if Vulnerable:

Access router web interface, navigate to System Status page and check firmware version matches 16.03.34.09

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

After firmware update, verify version is different from 16.03.34.09 and test that /goform/SetRebootTimer endpoint rejects malformed input

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetRebootTimer
Multiple failed buffer overflow attempts in web logs
Unexpected device reboots

Network Indicators:

HTTP POST requests with unusually long rebootTime parameters
Traffic to router management interface from unexpected sources

SIEM Query:

source="router_logs" AND uri="/goform/SetRebootTimer" AND content_length>100

📊 Metadata

CVE ID: CVE-2024-4065

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: April 23, 2024

Last Updated: January 21, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.261791 Permissions Required,VDB Entry
https://vuldb.com/?id.261791 Permissions Required,VDB Entry
https://vuldb.com/?submit.316494 Third Party Advisory,VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.261791 Permissions Required,VDB Entry
https://vuldb.com/?id.261791 Permissions Required,VDB Entry
https://vuldb.com/?submit.316494 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4065, you might also want to check these: