CVE-2024-4170 – This critical vulnerability in Tenda 4G300 rout... (How to Fix)

Q: What is the severity of CVE-2024-4170?

CVE-2024-4170 has a CVSS score of 8.8 (HIGH). This critical vulnerability in Tenda 4G300 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the sub_429A30 function. Attackers can exploit this to take full control of affected devices. All users of Tenda 4G300 routers with vulnerable firmware are affected.

📋 TL;DR

This critical vulnerability in Tenda 4G300 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the sub_429A30 function. Attackers can exploit this to take full control of affected devices. All users of Tenda 4G300 routers with vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda 4G300

Versions: 1.01.42

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected. The vendor has not responded to disclosure attempts.

📦 What is this software?

4g300 Firmware by Tenda

View all CVEs affecting 4g300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal network exposure remains a risk.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers directly exposed to attackers.

🏢 Internal Only: MEDIUM - Internal devices could be targeted through compromised internal systems or phishing attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Detailed technical analysis and proof-of-concept information is publicly available on GitHub. The vulnerability is remotely exploitable without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. Monitor Tenda's website for firmware updates. If an update becomes available, download from official sources and apply through the router's web interface.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected routers from critical internal networks using VLANs or separate network segments

Firewall Restrictions

all

Block all inbound traffic to the router's management interface from untrusted networks

🧯 If You Can't Patch

Replace affected devices with alternative models from vendors with active security support
Implement strict network monitoring and anomaly detection for traffic to/from affected routers

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at http://router_ip or using command: telnet router_ip (if enabled) and check version

Check Version:

Check router web interface under System Status or Settings > Firmware Upgrade

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.01.42

📡 Detection & Monitoring

Log Indicators:

Unusual traffic patterns to router management interface
Multiple failed login attempts followed by successful access
Unexpected configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs from router
Port scanning originating from router

SIEM Query:

source_ip=router_ip AND (event_type="configuration_change" OR dest_port=80,443,8080,8443) AND user_agent contains unusual patterns

📊 Metadata

CVE ID: CVE-2024-4170

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: April 25, 2024

Last Updated: January 21, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.261989 Permissions Required,VDB Entry
https://vuldb.com/?id.261989 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.318991 Third Party Advisory,VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.261989 Permissions Required,VDB Entry
https://vuldb.com/?id.261989 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.318991 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4170, you might also want to check these: