CVE-2024-4166 – This critical vulnerability in Tenda 4G300 rout... (How to Fix)

Q: What is the severity of CVE-2024-4166?

CVE-2024-4166 has a CVSS score of 8.8 (HIGH). This critical vulnerability in Tenda 4G300 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the sub_41E858 function when manipulating the GO/page argument. Attackers can exploit this without authentication to potentially take full control of affected devices. All users of Tenda 4G300 routers running vulnerable firmware versions are affected.

📋 TL;DR

This critical vulnerability in Tenda 4G300 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the sub_41E858 function when manipulating the GO/page argument. Attackers can exploit this without authentication to potentially take full control of affected devices. All users of Tenda 4G300 routers running vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Tenda 4G300

Versions: 1.01.42

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

4g300 Firmware by Tenda

View all CVEs affecting 4g300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify device configuration, intercept traffic, or use the device as a pivot point into internal networks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing devices immediate targets.

🏢 Internal Only: MEDIUM - While still vulnerable, internal-only devices require initial network access but could be exploited during lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Contact Tenda support for firmware updates and monitor their security advisories.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected routers in separate network segments to limit potential lateral movement.

Firewall Restrictions

all

Block all inbound traffic to the router's management interface from untrusted networks.

🧯 If You Can't Patch

Replace affected devices with alternative models from different vendors
Implement strict network monitoring and anomaly detection for traffic to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version via router web interface at System Status > Firmware Version or via SSH/Telnet if enabled.

Check Version:

Check web interface or use: telnet [router_ip] and check firmware version in status output

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.01.42 (when available).

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests to GO/page endpoints
Multiple failed buffer overflow attempts
Sudden configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic spikes to suspicious IPs
Port scanning originating from router

SIEM Query:

source_ip=[router_ip] AND (uri_path="*GO/page*" OR uri_path="*sub_41E858*")

📊 Metadata

CVE ID: CVE-2024-4166

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: April 25, 2024

Last Updated: January 21, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.261985 Permissions Required,VDB Entry
https://vuldb.com/?id.261985 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.318981 Third Party Advisory,VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.261985 Permissions Required,VDB Entry
https://vuldb.com/?id.261985 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.318981 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4166, you might also want to check these: