CVE-2024-7614 – This critical vulnerability in Tenda FH1206 rou... (How to Fix)

Q: What is the severity of CVE-2024-7614?

CVE-2024-7614 has a CVSS score of 8.8 (HIGH). This critical vulnerability in Tenda FH1206 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the QoS configuration function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users of Tenda FH1206 routers with firmware version 1.2.0.8(8155) are affected.

📋 TL;DR

This critical vulnerability in Tenda FH1206 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the QoS configuration function. Attackers can exploit this without authentication to potentially take full control of affected devices. All users of Tenda FH1206 routers with firmware version 1.2.0.8(8155) are affected.

💻 Affected Systems

Products:

Tenda FH1206

Versions: 1.2.0.8(8155)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable QoS configuration function is accessible via the web interface and API endpoints.

📦 What is this software?

Fh1206 Firmware by Tenda

View all CVEs affecting Fh1206 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent backdoor installation, network traffic interception, lateral movement to other devices, and participation in botnets.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, and network surveillance capabilities.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit code exists.

🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and can be exploited by any network-adjacent attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If available, download the latest firmware. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to the vulnerable interface by disabling remote administration features.

Network Segmentation

all

Isolate affected routers in separate VLANs with strict firewall rules limiting access to management interfaces.

🧯 If You Can't Patch

Replace affected devices with patched or alternative models
Implement strict network access controls to limit exposure to the vulnerable interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface: System Status > Firmware Version. If version is 1.2.0.8(8155), device is vulnerable.

Check Version:

No CLI command available; check via web interface at System Status > Firmware Version

Verify Fix Applied:

Verify firmware version has changed from 1.2.0.8(8155) to a newer version after applying any available update.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/qossetting with long parameter values
Multiple failed authentication attempts followed by QoS configuration requests

Network Indicators:

HTTP POST requests to router IP on port 80/443 targeting /goform/qossetting with abnormal payload sizes
Traffic patterns suggesting buffer overflow attempts

SIEM Query:

source="router_logs" AND (uri="/goform/qossetting" AND content_length>1000) OR (event_description CONTAINS "buffer overflow" AND device_model="FH1206")

📊 Metadata

CVE ID: CVE-2024-7614

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: August 12, 2024

Last Updated: August 21, 2024

🔗 References

https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/qossetting_bof Exploit,Third Party Advisory
https://vuldb.com/?ctiid.273984 Third Party Advisory
https://vuldb.com/?id.273984 Third Party Advisory
https://vuldb.com/?submit.383692 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7614, you might also want to check these: