CVE-2024-44859 – CVE-2024-44859 is a stack buffer overflow vulne... (How to Fix)

Q: What is the severity of CVE-2024-44859?

CVE-2024-44859 has a CVSS score of 8.0 (HIGH). CVE-2024-44859 is a stack buffer overflow vulnerability in the formWrlExtraGet function of Tenda FH1201 routers. This allows attackers to execute arbitrary code remotely by sending specially crafted requests. Users of Tenda FH1201 routers with vulnerable firmware are affected.

📋 TL;DR

CVE-2024-44859 is a stack buffer overflow vulnerability in the formWrlExtraGet function of Tenda FH1201 routers. This allows attackers to execute arbitrary code remotely by sending specially crafted requests. Users of Tenda FH1201 routers with vulnerable firmware are affected.

💻 Affected Systems

Products:

Tenda FH1201

Versions: v1.2.0.14

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default.

📦 What is this software?

Fh1201 Firmware by Tenda

View all CVEs affecting Fh1201 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence, and lateral movement within the network.

🟠

Likely Case

Router compromise allowing traffic interception, DNS hijacking, or botnet recruitment.

🟢

If Mitigated

Denial of service or limited information disclosure if exploit fails or is partially successful.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication on internet-facing devices.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but external exposure is the primary concern.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists in GitHub repository, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via router admin interface. 3. Reboot router after update.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace vulnerable router with different model or vendor
Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface at 192.168.0.1 or 192.168.1.1

Check Version:

Check router web interface or use nmap to identify device and version

Verify Fix Applied:

Verify firmware version is no longer v1.2.0.14 after update

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to formWrlExtraGet endpoint
Router crash/restart logs

Network Indicators:

Malformed HTTP requests to router management interface
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="*/formWrlExtraGet" OR message="*buffer overflow*")

📊 Metadata

CVE ID: CVE-2024-44859

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: September 4, 2024

Last Updated: April 9, 2025

🔗 References

https://github.com/Ha0-Y/IoT/blob/main/tenda-F1201/WrlExtraGet.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-44859, you might also want to check these: