CVE-2024-42953

7.5 HIGH

📋 TL;DR

Tenda FH1201 routers running firmware v1.2.0.14 (408) contain a stack overflow vulnerability in the fromWizardHandle function's PPW parameter. Attackers can exploit this via crafted POST requests to cause Denial of Service (DoS), potentially crashing the device. This affects users who haven't updated their Tenda FH1201 routers.

💻 Affected Systems

Products:
  • Tenda FH1201
Versions: v1.2.0.14 (408)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable, but this is unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash requiring a physical reboot; potential remote code execution if the stack overflow can be controlled to execute arbitrary code.

🟠 Likely Case

Router becomes unresponsive, requiring a reboot to restore functionality.

🟢 If Mitigated

No impact if the device is patched or network controls prevent exploitation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing and vulnerable to remote exploitation
🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains a proof-of-concept; exploitation requires sending a crafted POST request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware
3. Access router admin interface
4. Upload and apply firmware update
5. Reboot router

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate vulnerable routers from untrusted networks

Access Control (platform: linux)

Restrict access to router admin interface

iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Replace vulnerable device with updated model
  • Deploy behind firewall with strict ingress filtering

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface; if the version is v1.2.0.14 (408), the device is vulnerable.

Check Version:

curl -s http://router-ip/login/Auth | grep version

Alternatively, check the version in the admin interface.

Verify Fix Applied:

Verify that the firmware version has changed from v1.2.0.14 (408) to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/fromWizardHandle with long PPW parameter
  • Router crash/reboot logs

Network Indicators:

  • POST requests with unusually long PPW parameter values to router port 80

SIEM Query:

source="router_logs" AND (uri_path="/goform/fromWizardHandle" AND ppw_length>100)
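The log and network indicators above, implemented as an added Python example (not part of the original advisory or any vendor tooling): it parses captured HTTP requests and flags POSTs to /goform/fromWizardHandle whose PPW value exceeds the SIEM query's cut-off of 100. The sample captures are constructed, and measuring the length after URL-decoding is an assumption about how the router's web server hands the value to the handler.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/fromWizardHandle"  # endpoint from the log indicators
PPW_THRESHOLD = 100                       # same cut-off as the SIEM query


def ppw_length(raw_request: bytes) -> Optional[int]:
    """Longest decoded PPW value in a POST to TARGET_PATH; None if not such a POST."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST":
        return None
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != TARGET_PATH:
        return None
    # Assumption: the length that matters is the URL-decoded one, so decode
    # first. Check the form body and the query string, and every repeat of PPW.
    values = []
    for encoded in (body.decode("latin-1"), url.query):
        values += parse_qs(encoded, keep_blank_values=True).get("PPW", [])
    return max((len(v) for v in values), default=0)


def scan(captures):
    """Return (source, ppw_length) for each capture over the threshold."""
    hits = []
    for source, raw in captures:
        length = ppw_length(raw)
        if length is not None and length > PPW_THRESHOLD:
            hits.append((source, length))
    return hits


# Constructed captures (not real traffic); sources use documentation ranges.
_HDR = b"POST /goform/fromWizardHandle HTTP/1.1\r\nHost: router\r\n\r\n"
SAMPLES = [
    ("192.0.2.10", _HDR + b"PPW=hunter2&x=1"),           # short value
    ("198.51.100.7", _HDR + b"PPW=" + b"A" * 400),       # oversized value
    ("198.51.100.7", _HDR + b"PPW=" + b"%41" * 150),     # oversized once decoded
    ("192.0.2.10", _HDR + b"PPW=" + b"%41" * 40),        # 120 raw bytes, 40 decoded
    ("192.0.2.10", b"GET /login/Auth HTTP/1.1\r\nHost: router\r\n\r\n"),
]

if __name__ == "__main__":
    for source, length in scan(SAMPLES):
        print(f"ALERT {source}: PPW length {length} > {PPW_THRESHOLD}")
```

Repeated alerts from one source, followed by a router reboot entry, match both log indicators listed above.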
