CVE-2024-42968 – This vulnerability in Tenda FH1206 routers allo... (How to Fix)

Q: What is the severity of CVE-2024-42968?

CVE-2024-42968 has a CVSS score of 7.5 (HIGH). This vulnerability in Tenda FH1206 routers allows attackers to trigger a stack overflow via the Go parameter in the fromSafeUrlFilter function through crafted POST requests. This can cause Denial of Service (DoS) by crashing the device. Only users of Tenda FH1206 routers with vulnerable firmware are affected.

📋 TL;DR

This vulnerability in Tenda FH1206 routers allows attackers to trigger a stack overflow via the Go parameter in the fromSafeUrlFilter function through crafted POST requests. This can cause Denial of Service (DoS) by crashing the device. Only users of Tenda FH1206 routers with vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda FH1206

Versions: v02.03.01.35

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web management interface. All devices running this firmware version are vulnerable.

📦 What is this software?

Fh1206 Firmware by Tenda

View all CVEs affecting Fh1206 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reset, potentially leading to extended network downtime and service disruption.

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality, causing temporary network outage.

🟢

If Mitigated

Minimal impact if device is behind firewall with restricted web interface access and proper network segmentation.

🌐 Internet-Facing: HIGH - Web management interface is typically exposed, allowing direct exploitation from internet.

🏢 Internal Only: MEDIUM - Requires network access but can be exploited from internal networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires sending crafted POST request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and upload via web interface. 3. Reboot router after update.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to web management interface

Access router web interface > System Tools > Remote Management > Disable

Restrict Web Interface Access

all

Limit access to management interface to trusted IPs only

Access router web interface > Security > Access Control > Add trusted IP ranges

🧯 If You Can't Patch

Replace vulnerable router with updated model or different vendor
Place router behind firewall with strict inbound rules blocking web interface ports

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Status or System Tools > Firmware Upgrade

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is newer than v02.03.01.35

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/safeUrlFilter with malformed Go parameter
Router crash/reboot events in system logs

Network Indicators:

Unusual POST requests to router management interface
Sudden loss of connectivity to router

SIEM Query:

source="router_logs" AND (url_path="/goform/safeUrlFilter" AND method="POST" AND parameter="Go" AND size>1000)

📊 Metadata

CVE ID: CVE-2024-42968

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: August 15, 2024

Last Updated: August 16, 2024

🔗 References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter_Go.md Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-42968, you might also want to check these: