CVE-2024-41465 – CVE-2024-41465 is a stack-based buffer overflow... (How to Fix)

Q: What is the severity of CVE-2024-41465?

CVE-2024-41465 has a CVSS score of 7.5 (HIGH). CVE-2024-41465 is a stack-based buffer overflow vulnerability in Tenda FH1201 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the vulnerable endpoint. This affects all users running Tenda FH1201 firmware version 1.2.0.14. Successful exploitation could lead to complete device compromise.

📋 TL;DR

CVE-2024-41465 is a stack-based buffer overflow vulnerability in Tenda FH1201 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the vulnerable endpoint. This affects all users running Tenda FH1201 firmware version 1.2.0.14. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda FH1201

Versions: v1.2.0.14

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the affected firmware version are vulnerable. The vulnerable endpoint is part of the web management interface.

📦 What is this software?

Fh1201 Firmware by Tendacn

View all CVEs affecting Fh1201 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, attacker persistence, network traffic interception, and lateral movement to connected devices.

🟠

Likely Case

Router compromise leading to denial of service, configuration changes, or credential theft from connected devices.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and regular backups allow quick restoration.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making internet-exposed routers prime targets.

🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gain router control and pivot to other network segments.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via web interface. 3. Reboot router after installation. 4. Verify firmware version changed from v1.2.0.14.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router web interface

Access router admin panel → Advanced → Remote Management → Disable

Network segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to restrict access to router IP on port 80/443

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict network access controls to limit who can reach router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface: Login → System Status → Firmware Version. If version is 1.2.0.14, device is vulnerable.

Check Version:

curl -s http://router-ip/ | grep -i firmware or check web interface manually

Verify Fix Applied:

After updating, verify firmware version is no longer 1.2.0.14. Test by attempting to access /ip/goform/setcfm with monitoring for crashes.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /ip/goform/setcfm
Router crash/reboot logs
Unusual configuration changes

Network Indicators:

Large POST payloads to router port 80/443
Traffic to /ip/goform/setcfm endpoint
Router becoming unresponsive

SIEM Query:

source="router_logs" AND (uri="/ip/goform/setcfm" OR message="crash" OR message="reboot")

📊 Metadata

CVE ID: CVE-2024-41465

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: July 24, 2024

Last Updated: November 21, 2024

🔗 References

https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/setcfm Exploit,Third Party Advisory
https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/setcfm Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-41465, you might also want to check these: