CVE-2024-42943

7.5 HIGH

📋 TL;DR

This vulnerability in Tenda FH1201 routers allows attackers to trigger a stack overflow by sending a POST request with a specially crafted PPPOEPassword parameter. This can cause a Denial of Service (DoS) by crashing the device. Users running Tenda FH1201 routers with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Tenda FH1201
Versions: v1.2.0.14 (408)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of the router. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash requiring physical reboot, potentially leading to extended network downtime and service disruption.

🟠 Likely Case

Router becomes unresponsive, requiring manual reboot to restore functionality, causing temporary network outage.

🟢 If Mitigated

If properly segmented and behind firewalls, impact limited to isolated network segment with quick recovery possible.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted POST request to the vulnerable endpoint. A public proof-of-concept is available in a GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for FH1201
3. Access router web interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router after update completes

🔧 Temporary Workarounds

Disable Remote Management

Prevent external access to router management interface

Network Segmentation

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Replace vulnerable router with updated model or different vendor
  • Implement strict network access controls to limit access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at System Status or About page

Check Version:

No CLI command - check via web interface at 192.168.0.1 or router IP

Verify Fix Applied:

Verify firmware version is newer than v1.2.0.14 (408)

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/AdvSetWan with long PPPOEPassword parameter
  • Router crash/reboot events in system logs

Network Indicators:

  • Unusual POST requests to router management interface
  • Sudden loss of connectivity to router

SIEM Query:

source="router_logs" AND (uri_path="/goform/AdvSetWan" AND method="POST" AND param_length>100)
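
The same check as the SIEM query, run over request records, as an added example that is not part of the original advisory. It assumes a tab-separated log format (time, source, method, path, form body) and measures the parameter after URL-decoding; both are assumptions, and the sample records are constructed.

```python
from urllib.parse import parse_qs

VULN_PATH = "/goform/AdvSetWan"   # endpoint from the page's log indicators
PARAM = "PPPOEPassword"           # parameter named in the advisory
MAX_LEN = 100                     # threshold from the page's SIEM query

# Constructed sample log (assumed tab-separated: time, source, method, path, form body).
SAMPLE_LOG = "\n".join([
    "2024-01-01T10:00:01Z\t192.0.2.10\tPOST\t/goform/AdvSetWan\tother=1&PPPOEPassword=short-value",
    "2024-01-01T10:00:05Z\t198.51.100.7\tPOST\t/goform/AdvSetWan\tPPPOEPassword=" + "A" * 300,
    "2024-01-01T10:00:06Z\t198.51.100.7\tPOST\t/goform/AdvSetWan\tPPPOEPassword=" + "A" * 400,
    "2024-01-01T10:00:07Z\t198.51.100.7\tPOST\t/goform/AdvSetWan\tPPPOEPassword=" + "%41" * 40,
    "2024-01-01T10:00:09Z\t203.0.113.4\tPOST\t/goform/AdvSetWan\tPPPOEPassword=ok&PPPOEPassword=" + "B" * 150,
    "2024-01-01T10:00:12Z\t192.0.2.10\tPOST\t/other/path\tPPPOEPassword=" + "C" * 300,
    "2024-01-01T10:00:15Z\t192.0.2.10\tGET\t/goform/AdvSetWan\t",
    "malformed line without enough fields",
])


def find_oversized_requests(log_text, max_len=MAX_LEN):
    """Return (timestamp, source, decoded_length) for each matching request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip records that do not match the assumed format
        ts, src, method, path, body = fields
        if method.upper() != "POST" or path.split("?", 1)[0] != VULN_PATH:
            continue
        # parse_qs URL-decodes values and keeps every occurrence of a repeated key,
        # so a long value cannot hide behind a short first one.
        values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
        longest = max((len(v) for v in values), default=0)
        if longest > max_len:
            hits.append((ts, src, longest))
    return hits


def sources_by_count(hits):
    """Count flagged requests per source address to spot repeated attempts."""
    counts = {}
    for _, src, _ in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    for ts, src, length in find_oversized_requests(SAMPLE_LOG):
        print(f"{ts} {src} {PARAM} length={length}")
```

Correlating the flagged timestamps with the router crash/reboot events listed under Log Indicators separates probing from a request that actually took the device down.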
