CVE-2024-45413
📋 TL;DR
This vulnerability allows authenticated attackers to execute arbitrary code as root on affected ZTE routers through a stack-based buffer overflow in the HTTPD binary's RSA decryption function. Attackers can achieve remote code execution by sending specially crafted requests. All users of vulnerable ZTE router models are affected.
💻 Affected Systems
- Multiple ZTE router models
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with root-level remote code execution, allowing attackers to install persistent malware, intercept all network traffic, or use the router as a pivot point into internal networks.
Likely Case
Attackers with valid credentials gain full control of the router, enabling traffic interception, DNS hijacking, credential theft, and lateral movement into connected networks.
If Mitigated
With proper network segmentation and strong authentication controls, impact is limited to the router itself, though it could still serve as an entry point for further attacks.
🎯 Exploit Status
Requires authentication but buffer overflow exploitation is well-understood; likely to be weaponized given root access reward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not provided in references
Restart Required: Yes
Instructions:
1. Check ZTE vendor website for security updates. 2. Download and apply firmware update if available. 3. Reboot router to apply changes. 4. Verify fix by checking firmware version.
🔧 Temporary Workarounds
Disable remote administration
allPrevents external attackers from accessing the vulnerable HTTPD service
Access router admin interface → Administration → Remote Management → Disable
Change default credentials
allMitigates risk by requiring strong authentication
Access router admin interface → Administration → Change Password → Set strong unique password
🧯 If You Can't Patch
- Segment routers on isolated network segments
- Implement strict firewall rules limiting access to router management interfaces
🔍 How to Verify
Check if Vulnerable:
Check router model and firmware version against ZTE security advisories; test with authenticated request to RSA decryption endpoint if possible.Check Version:
Login to router admin interface and check System Status or About page for firmware version.Verify Fix Applied:
Verify firmware version has been updated to patched version; test RSA decryption with oversized input to confirm bounds checking.📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful login and RSA decryption requests
- Unusual process execution or network connections from router
Network Indicators:
- Unusual outbound connections from router
- Traffic patterns suggesting command and control communication
SIEM Query:
source="router_logs" AND (event="authentication_success" OR event="rsa_decrypt") | stats count by src_ip