CVE-2024-42955 – CVE-2024-42955 is a stack overflow vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2024-42955?

CVE-2024-42955 has a CVSS score of 7.5 (HIGH). CVE-2024-42955 is a stack overflow vulnerability in Tenda FH1201 routers that allows attackers to cause Denial of Service (DoS) by sending specially crafted POST requests. This affects Tenda FH1201 router users running vulnerable firmware versions. The vulnerability exists in the fromSafeClientFilter function's handling of the page parameter.

📋 TL;DR

CVE-2024-42955 is a stack overflow vulnerability in Tenda FH1201 routers that allows attackers to cause Denial of Service (DoS) by sending specially crafted POST requests. This affects Tenda FH1201 router users running vulnerable firmware versions. The vulnerability exists in the fromSafeClientFilter function's handling of the page parameter.

💻 Affected Systems

Products:

Tenda FH1201

Versions: v1.2.0.14 (408)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but not confirmed

📦 What is this software?

Fh1201 Firmware by Tenda

View all CVEs affecting Fh1201 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potential remote code execution if stack overflow can be controlled precisely (though not confirmed in this CVE)

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, disrupting network connectivity

🟢

If Mitigated

Minimal impact with proper network segmentation and firewall rules blocking external access to router management interface

🌐 Internet-Facing: HIGH if router management interface is exposed to internet, as exploit requires only a crafted POST request

🏢 Internal Only: MEDIUM for internal networks, as attacker would need internal network access first

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub showing how to trigger the vulnerability via POST request

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. Download latest firmware 3. Upload via router admin interface 4. Reboot router

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router management interface

Network segmentation

all

Isolate router management interface to trusted network segment only

🧯 If You Can't Patch

Replace vulnerable router with different model/brand
Implement strict firewall rules blocking all external access to router management interface (ports 80/443)

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

Login to router admin interface and navigate to System Status page

Verify Fix Applied:

Verify firmware version has been updated to a version newer than v1.2.0.14 (408)

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to router management interface with malformed page parameter
Router crash/reboot logs

Network Indicators:

Unusual POST requests to router management interface from external IPs
Sudden loss of router connectivity

SIEM Query:

source="router_logs" AND (http_method="POST" AND uri CONTAINS "fromSafeClientFilter" OR message CONTAINS "crash" OR message CONTAINS "reboot")

📊 Metadata

CVE ID: CVE-2024-42955

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: August 15, 2024

Last Updated: August 16, 2024

🔗 References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_page.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-42955, you might also want to check these: