CVE-2024-51116

8.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code by sending specially crafted requests to the formSetPPTPServer function. This affects Tenda AC6 v2.0 routers running firmware version V15.03.06.50. Attackers could potentially gain full control of affected devices.

💻 Affected Systems

Products:
  • Tenda AC6 v2.0
Versions: V15.03.06.50
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific hardware version v2.0 with this exact firmware version. Other Tenda models or firmware versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, creation of persistent backdoors, and pivoting to internal networks.

🟠 Likely Case: Router compromise allowing traffic interception, DNS manipulation, credential theft, and denial of service.

🟢 If Mitigated: Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN interfaces.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but requires specific targeting.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains proof-of-concept code. Exploitation appears straightforward because the flaw is a buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates
2. If update available, download and flash via web interface
3. Factory reset after update to ensure clean configuration
4. Verify version is no longer V15.03.06.50

🔧 Temporary Workarounds

Disable PPTP Server

Platform: all

Disable the vulnerable PPTP server functionality if not required

Network Segmentation

Platform: all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

  • Replace affected routers with supported models from different vendors
  • Implement strict firewall rules blocking all inbound traffic to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Access router web interface at 192.168.0.1, navigate to System Status page and check firmware version

Check Version:

curl -s http://192.168.0.1/ | grep -i 'firmware version'

Alternatively, check the version in the web interface.

Verify Fix Applied:

Verify firmware version has changed from V15.03.06.50 to a newer version

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to formSetPPTPServer endpoint
  • Router crash/reboot logs
  • Memory corruption errors in system logs

Network Indicators:

  • Unusual traffic patterns to router management interface
  • Large payloads sent to PPTP configuration endpoints

SIEM Query:

source="router_logs" AND ("formSetPPTPServer" OR "PPTP" OR "buffer overflow")
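
The indicators above can be correlated rather than matched as bare keywords. The following is an added example, not part of the original advisory or any vendor tooling: it grades each POST that names formSetPPTPServer by body size, source address, and whether a reboot follows. The log layout, the `/formSetPPTPServer` path, the 512-byte threshold, and the 120-second window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed values, not from the advisory: log layout, size threshold, reboot window.
MAX_BODY = 512                           # bytes; a settings form is normally small
REBOOT_WINDOW = timedelta(seconds=120)   # reboot this soon after a POST is suspicious
LAN = ip_network("192.168.0.0/24")       # matches the 192.168.0.1 address on the page

REQ = re.compile(r"^(\S+) httpd: (\S+) (GET|POST) (\S+) len=(\d+)$")
BOOT = re.compile(r"^(\S+) kernel: system boot$")

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def detect(lines):
    """Grade every POST that names formSetPPTPServer by the indicators it shows."""
    boots = [parse_ts(m.group(1)) for m in map(BOOT.match, lines) if m]
    alerts = []
    for m in filter(None, map(REQ.match, lines)):
        ts, src, method, path, length = m.groups()
        if method != "POST" or "formSetPPTPServer" not in path:
            continue
        when, reasons = parse_ts(ts), []
        if int(length) > MAX_BODY:
            reasons.append("oversized-body")
        if ip_address(src) not in LAN:
            reasons.append("non-lan-source")
        if any(timedelta(0) <= b - when <= REBOOT_WINDOW for b in boots):
            reasons.append("reboot-followed")
        if "reboot-followed" in reasons or len(reasons) >= 2:
            severity = "high"
        else:
            severity = "medium" if reasons else "info"
        alerts.append({"time": ts, "src": src, "severity": severity, "reasons": reasons})
    return alerts

# Constructed sample log; the real device's log format and URL path may differ.
SAMPLE_LOG = [
    "2024-11-02T09:00:00Z httpd: 192.168.0.23 POST /formSetPPTPServer len=96",
    "2024-11-02T09:05:10Z httpd: 192.168.0.23 GET /index.html len=0",
    "2024-11-02T10:15:03Z httpd: 203.0.113.7 POST /formSetPPTPServer len=4096",
    "2024-11-02T10:15:40Z kernel: system boot",
    "2024-11-02T11:00:00Z httpd: 192.168.0.50 POST /formSetPPTPServer len=2048",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Grading by combined evidence keeps routine PPTP configuration changes from the LAN at "info" while surfacing the oversized, externally sourced request that precedes a reboot.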
