CVE-2024-42949

7.5 HIGH

📋 TL;DR

This vulnerability in Tenda FH1201 routers allows attackers to trigger a stack overflow via the qos parameter of a crafted POST request, leading to Denial of Service. It affects users running the vulnerable firmware version on this router model. The attack requires network access to the router's web interface.

💻 Affected Systems

Products:
  • Tenda FH1201
Versions: v1.2.0.14 (408)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific firmware version on this router model. QoS feature must be accessible via web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete router crash requiring physical power cycle, potentially leading to extended network downtime and disruption of all connected services.

🟠 Likely Case: Router becomes unresponsive, requiring reboot and causing temporary network outage for all connected devices.

🟢 If Mitigated: If router is behind firewall with restricted web interface access, impact is limited to internal network disruption only.

🌐 Internet-Facing: HIGH if router's web interface is exposed to internet, as unauthenticated attackers can cause DoS remotely.
🏢 Internal Only: MEDIUM as internal attackers or malware could still exploit this to disrupt local network operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains detailed analysis and proof-of-concept. Exploit requires sending crafted POST request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware
3. Access router admin interface
4. Upload and apply firmware update
5. Reboot router

🔧 Temporary Workarounds

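Disable QoS feature (platform: all)

Turn off Quality of Service functionality in router settings to remove the vulnerable code path.

Restrict web interface access (platform: linux)

Configure a firewall to block external access to the router admin interface (typically port 80/443). The INPUT chain only filters traffic addressed to the host running iptables, and the rules below drop every inbound connection to those ports on that host, not only external ones.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP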

🧯 If You Can't Patch

  • Isolate router on separate VLAN with restricted access
  • Implement network monitoring for abnormal POST requests to /goform/qossetting

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly v1.2.0.14 (408), device is vulnerable.

Check Version:

curl -s http://router-ip/login/Auth | grep -i "firmware version"

Alternatively, check the version in the web interface.

Verify Fix Applied:

Verify firmware version has changed from v1.2.0.14 (408) to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/qossetting with large qos parameter
  • Router crash/reboot logs

Network Indicators:

  • Abnormal POST requests to router IP port 80 with oversized qos parameter
  • Sudden loss of router connectivity

SIEM Query:

source="router_logs" AND uri="/goform/qossetting" AND method="POST" AND size_bytes>1000
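
The log indicators above, turned into a check (an added example, not code from this page or from Tenda): it flags POST requests to /goform/qossetting whose decoded qos value exceeds a threshold and counts repeats per source. The record schema, the sample records and the 1000-byte threshold (borrowed from the SIEM query) are assumptions.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/qossetting"  # path named on this page
PARAM = "qos"                    # parameter named on this page
MAX_LEN = 1000                   # assumption: mirrors size_bytes>1000 in the SIEM query

# Constructed records in an assumed schema, as a proxy or IDS might export them.
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "uri": "/goform/qossetting",
     "body": "qos=1%3B50%3B50"},
    {"src": "192.0.2.66", "method": "POST", "uri": "/goform/qossetting?x=1",
     "body": "qos=" + "A" * 4096},
    {"src": "192.0.2.66", "method": "POST", "uri": "/goform/qossetting",
     "body": "page=1&qos=" + "%41" * 1500},
    {"src": "192.0.2.10", "method": "GET", "uri": "/goform/qossetting", "body": ""},
    {"src": "192.0.2.10", "method": "POST", "uri": "/goform/other",
     "body": "qos=" + "A" * 4096},
]

def qos_length(body):
    """Length of the longest qos value after percent-decoding (one char per byte)."""
    fields = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    return max((len(v) for v in fields.get(PARAM, [])), default=0)

def detect(records, max_len=MAX_LEN):
    """Return (alerts, hits_per_source) for oversized qos values sent to ENDPOINT."""
    alerts, per_src = [], Counter()
    for rec in records:
        if rec["method"].upper() != "POST":
            continue
        # Compare the path only, so a query string or trailing slash does not hide a hit.
        if urlsplit(rec["uri"]).path.rstrip("/").lower() != ENDPOINT:
            continue
        n = qos_length(rec["body"])
        if n > max_len:
            alerts.append({"src": rec["src"], "qos_len": n})
            per_src[rec["src"]] += 1
    return alerts, per_src

if __name__ == "__main__":
    alerts, per_src = detect(SAMPLE)
    for a in alerts:
        print(f"ALERT src={a['src']} qos_len={a['qos_len']}")
    for src, count in per_src.items():
        if count > 1:
            print(f"REPEATED src={src} count={count}")
```

Measuring the decoded parameter rather than the raw request size keeps a percent-encoded payload from being mis-sized and avoids alerting on large requests whose qos value is short.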
