Login Sign Up

CVE-2024-41463

7.5 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

CVE-2024-41463 is a stack-based buffer overflow vulnerability in Tenda FH1201 routers that allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted requests to the entrys parameter. This affects all users running vulnerable firmware versions of the Tenda FH1201 router.

💻 Affected Systems

Products:
  • Tenda FH1201
Versions: v1.2.0.14 and likely earlier versions
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the vulnerable endpoint is part of the web management interface.

📦 What is this software?

Fh1201 Firmware by Tendacn

View all CVEs affecting Fh1201 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence, and lateral movement to connected networks.

🟠

Likely Case

Router crash causing denial of service, requiring physical reset to restore functionality.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted access to management interface.

🌐 Internet-Facing: HIGH - Router management interfaces are often exposed to WAN by default.
🏢 Internal Only: MEDIUM - Attackers on local network can exploit without internet access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available in GitHub repository. Exploitation requires sending HTTP POST request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router admin panel. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload new firmware file. 6. Wait for automatic reboot.

🔧 Temporary Workarounds

Disable WAN Management Access

all

Prevent external access to router management interface

Access router admin panel > Advanced > System Tools > Remote Management > Disable

Network Segmentation

all

Isolate router management interface to trusted network segment

Configure firewall rules to restrict access to port 80/443 to trusted IPs only

🧯 If You Can't Patch

  • Replace vulnerable device with supported model
  • Deploy network firewall with deep packet inspection to block exploit patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin panel under System Status or System Tools > Firmware Upgrade

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than v1.2.0.14 and test if /ip/goform/addressNat endpoint still accepts malformed entrys parameter

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /ip/goform/addressNat with large entrys parameter
  • Router crash/reboot logs

Network Indicators:

  • HTTP POST requests to /ip/goform/addressNat with unusually long parameters
  • Traffic patterns matching known exploit code

SIEM Query:

source="router_logs" AND (url="/ip/goform/addressNat" AND parameter_size>1000)

📊 Metadata

CVE ID: CVE-2024-41463
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: July 24, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-41463, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)