CVE-2022-24166 in Tenda
Summary
by MITRE • 02/04/2022
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 02/05/2022
The vulnerability identified as CVE-2022-24166 affects Tenda routers G1 and G3 models running firmware version v15.11.0.17(9502)_CN, representing a critical stack overflow condition within the formSetSysTime function. This flaw resides in the router's web interface handling mechanism where the manualTime parameter is processed without adequate input validation or bounds checking. The stack overflow occurs when an attacker crafts a malicious payload containing an oversized manualTime value that exceeds the allocated stack buffer space, leading to memory corruption and subsequent system instability.
The technical exploitation of this vulnerability leverages the absence of proper parameter sanitization in the router's firmware implementation. When the formSetSysTime function processes the manualTime parameter, it fails to validate the input length or enforce size limitations before copying data into fixed-size stack buffers. This classic buffer overflow condition allows an attacker to overwrite adjacent stack memory locations including return addresses and function pointers, ultimately causing the router's web server process to crash or terminate unexpectedly. The vulnerability specifically targets the router's time synchronization functionality where users can manually set system time through the administrative interface.
From an operational perspective, this stack overflow vulnerability enables remote attackers to achieve a denial of service condition against the affected Tenda routers, effectively rendering them inaccessible to legitimate users and administrators. The DoS impact extends beyond simple service disruption as the router may require manual reboot or firmware reflash to restore normal operation. Network administrators face significant operational challenges as the vulnerability can be exploited without authentication, allowing any remote attacker to compromise router availability and potentially disrupt network services for extended periods. The affected devices may become completely unresponsive to web interface requests and network management operations.
Security professionals should note that this vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which is categorized under the Common Weakness Enumeration framework as a fundamental memory safety issue. The attack pattern follows typical exploit methodologies documented in the MITRE ATT&CK framework under the T1210 technique for Exploitation of Remote Services, where attackers leverage unpatched firmware vulnerabilities to gain control over network infrastructure devices. Organizations should immediately implement network segmentation measures to isolate affected routers and monitor for suspicious traffic patterns indicating exploitation attempts. The recommended mitigation strategy involves applying firmware updates from Tenda's official support channels, as well as implementing network access controls to restrict direct internet access to router administrative interfaces. Additionally, network administrators should establish monitoring procedures to detect and respond to DoS attempts targeting these specific router models through their web management interfaces.