CVE-2024-4238 – This critical vulnerability in Tenda AX1806 rou... (How to Fix)

Q: What is the severity of CVE-2024-4238?

CVE-2024-4238 has a CVSS score of 8.8 (HIGH). This critical vulnerability in Tenda AX1806 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the device name setting function. Attackers can exploit this without authentication to potentially take full control of affected routers. All users of Tenda AX1806 version 1.0.0.1 are affected.

📋 TL;DR

This critical vulnerability in Tenda AX1806 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the device name setting function. Attackers can exploit this without authentication to potentially take full control of affected routers. All users of Tenda AX1806 version 1.0.0.1 are affected.

💻 Affected Systems

Products:

Tenda AX1806

Versions: 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Ax1806 Firmware by Tenda

View all CVEs affecting Ax1806 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device as a pivot point into internal networks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal exploitation risk remains.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit details exist.

🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and can be exploited by any network-adjacent attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Detailed exploit documentation is publicly available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Monitor Tenda's website for firmware updates and apply immediately when released.

🔧 Temporary Workarounds

Disable remote administration

all

Disable WAN-side administration access to prevent external exploitation

Network segmentation

all

Isolate Tenda routers in a separate VLAN with strict firewall rules

🧯 If You Can't Patch

Replace affected devices with different models from vendors with better security response
Implement strict network access controls to limit traffic to/from affected routers

🔍 How to Verify

Check if Vulnerable:

Check router web interface or CLI for firmware version. If version is 1.0.0.1, the device is vulnerable.

Check Version:

Check router web interface at Status > Device Info or use telnet/SSH if available

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.0.0.1

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetOnlineDevName with long devName parameters
Device reboots or configuration changes not initiated by administrators

Network Indicators:

Unusual outbound connections from router to unknown IPs
Traffic patterns suggesting device compromise

SIEM Query:

source_ip="router_ip" AND (url_path="/goform/SetOnlineDevName" OR (event_type="buffer_overflow" AND device_model="AX1806"))

📊 Metadata

CVE ID: CVE-2024-4238

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: April 26, 2024

Last Updated: January 27, 2025

🔗 References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md Broken Link
https://vuldb.com/?ctiid.262129 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.262129 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.319232 Third Party Advisory,VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md Broken Link
https://vuldb.com/?ctiid.262129 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.262129 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.319232 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4238, you might also want to check these: