CVE-2024-42945 – Tenda FH1201 routers running firmware v1.2.0.14... (How to Fix)

Q: What is the severity of CVE-2024-42945?

CVE-2024-42945 has a CVSS score of 7.5 (HIGH). Tenda FH1201 routers running firmware v1.2.0.14 (408) contain a stack overflow vulnerability in the fromAddressNat function's page parameter. Attackers can exploit this via crafted POST requests to cause Denial of Service (DoS), potentially crashing the device. This affects users of Tenda FH1201 routers with the vulnerable firmware version.

📋 TL;DR

Tenda FH1201 routers running firmware v1.2.0.14 (408) contain a stack overflow vulnerability in the fromAddressNat function's page parameter. Attackers can exploit this via crafted POST requests to cause Denial of Service (DoS), potentially crashing the device. This affects users of Tenda FH1201 routers with the vulnerable firmware version.

💻 Affected Systems

Products:

Tenda FH1201

Versions: v1.2.0.14 (408)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific firmware version. The vulnerability is in the web management interface.

📦 What is this software?

Fh1201 Firmware by Tendacn

View all CVEs affecting Fh1201 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, potential remote code execution if combined with other vulnerabilities, and persistent network disruption.

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, causing temporary network outage for connected devices.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though LAN exploitation remains possible.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains proof-of-concept. Exploitation requires sending crafted POST request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via web interface. 3. Monitor vendor communications for security patches.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace device with supported model
Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Status or similar section

Check Version:

Login to router web interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version is newer than v1.2.0.14 (408)

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to fromAddressNat endpoint
Router crash/reboot events
Unusual traffic patterns to router management interface

Network Indicators:

Crafted POST requests with malformed page parameter
Traffic to router web management port (typically 80/443)

SIEM Query:

source_ip="router_ip" AND (http_method="POST" AND uri CONTAINS "fromAddressNat")

📊 Metadata

CVE ID: CVE-2024-42945

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: August 15, 2024

Last Updated: August 16, 2024

🔗 References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAddressNat_page.md Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-42945, you might also want to check these: