CVE-2024-30593 in FH1202
Summary
by MITRE • 03/28/2024
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/13/2025
The vulnerability identified as CVE-2024-30593 affects the Tenda FH1202 router firmware version v1.2.0.14(408) and represents a critical stack overflow condition within the deviceName parameter processing of the formSetDeviceName function. This flaw resides in the web interface handling logic where user-supplied input is not properly validated or sanitized before being processed by the device's embedded web server. The stack overflow occurs when an attacker submits a specially crafted payload through the deviceName parameter, which then gets directly passed to a vulnerable function without adequate bounds checking or input length validation. The vulnerability stems from improper buffer management within the firmware's web application layer, where a fixed-size buffer is overwritten when user input exceeds the allocated memory space, potentially leading to arbitrary code execution or system crash.
This vulnerability presents significant operational risks as it can be exploited remotely through the web interface without requiring authentication, making it particularly dangerous for unsecured networks. The stack overflow condition creates an opportunity for attackers to manipulate the program execution flow by overwriting return addresses and function pointers on the stack, potentially allowing for privilege escalation or complete system compromise. According to CWE classification, this represents a CWE-121: Stack-based Buffer Overflow, which is categorized as a critical weakness in software security. The attack vector aligns with ATT&CK technique T1210: Exploitation of Remote Services, as it targets a network service exposed to external access through the web interface. The vulnerability's impact is amplified by the fact that many users may not regularly update their router firmware, leaving devices exposed to exploitation for extended periods.
The operational impact of this vulnerability extends beyond simple denial of service, as successful exploitation could provide attackers with persistent access to the network infrastructure, enabling them to monitor traffic, redirect connections, or establish backdoors for future access. Network administrators face significant challenges in identifying affected devices, as the vulnerability affects a specific firmware version that may be deployed across numerous installations worldwide. The exploitability of this vulnerability is enhanced by the fact that the affected parameter is part of a routine configuration function that users frequently interact with through the web interface. Mitigation strategies should include immediate firmware updates from Tenda, network segmentation to limit exposure, and monitoring for unusual traffic patterns or unauthorized configuration changes. Additionally, implementing network access controls and disabling unnecessary web services can reduce the attack surface and limit the potential impact of exploitation attempts.