Sploit.io - Search

Product: O3, version: 1.0.0.10(2478)

CVE-2024-7151

Severity: Unknown

Description: A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score: N/A

Priority

B

EPSS Data

  • EPSS: 0.000990000
  • Percentile: 0.423420000
  • Date: 2025-01-19

ExploitDB

No data available.

HackerOne Data

  • Rank: 7457
  • Reports submitted count: 0
  • Unknown: 0
  • None: 0
  • Low: 0
  • Medium: 0
  • High: 0
  • Critical: 0

    Nuclei Templates

    No data available.

    VulnCheck Data

    Affected Products:

    • Tenda O3 - Versions: 1.0.0.10(2478)

    Risk Assessment

    1. Risk Assessment
    The vulnerability identified as CVE-2024-7151 is a critical stack-based buffer overflow in the Tenda O3 router firmware version 1.0.0.10(2478). This flaw resides in the `fromMacFilterSet` function within the `/goform/setMacFilter` file, specifically affecting the `remark` argument. The vulnerability can be exploited remotely, requiring low attack complexity and only low privileges, making it highly accessible to attackers. The CVSS v3.1 base score of 8.8 (HIGH) underscores its severity, with impacts on confidentiality, integrity, and availability rated as high.

    The likelihood of exploitation is significant, as the exploit has been publicly disclosed and is available for use. Attackers can leverage this vulnerability to execute arbitrary code, potentially gaining full control over the affected device. This could lead to unauthorized access to sensitive data, disruption of network services, or even the deployment of malware. The business impact is substantial, particularly for organizations relying on Tenda O3 routers for network infrastructure, as it could result in data breaches, operational downtime, and reputational damage.

    2. Potential Attack Scenarios
    One potential attack scenario involves an attacker targeting a vulnerable Tenda O3 router within an organization's network. The attacker begins by scanning the network for devices running the affected firmware version. Once identified, the attacker sends a specially crafted request to the `/goform/setMacFilter` endpoint, manipulating the `remark` argument to trigger the stack-based buffer overflow.

    The overflow allows the attacker to overwrite critical memory regions, enabling the execution of arbitrary code with the privileges of the affected service. With this level of access, the attacker can install malware, exfiltrate sensitive data, or pivot to other devices within the network. The potential outcomes include complete compromise of the router, unauthorized access to internal systems, and disruption of network operations, leading to significant financial and operational consequences for the organization.

    3. Mitigation Recommendations
    Immediate action is required to mitigate this vulnerability. Organizations using Tenda O3 routers should first check the firmware version and confirm if it is affected. If the device is running version 1.0.0.10(2478), the following steps are recommended:

    - Apply any available firmware updates or patches from the vendor. As of the disclosure date, the vendor has not responded, so organizations should monitor official channels for updates.
    - If no patch is available, consider disabling the affected functionality or restricting access to the vulnerable endpoint through network segmentation or firewall rules.
    - Implement intrusion detection and prevention systems (IDPS) to monitor for suspicious activity targeting the `/goform/setMacFilter` endpoint.
    - Regularly review and update network security policies to ensure devices are not exposed to unnecessary risks.

    For additional technical details and exploit information, refer to the following resources:
    - PacketStorm Security: https://packetstormsecurity.com/search/?q=CVE-2024-7151
    - VulDB Entry: https://vuldb.com/?id.272554
    - GitHub Exploit Details: https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromMacFilterSet.md

    4. Executive Summary
    CVE-2024-7151 is a critical vulnerability affecting Tenda O3 routers, allowing remote attackers to execute arbitrary code through a stack-based buffer overflow. This flaw poses a high risk to organizations, with potential impacts including data breaches, network compromise, and operational disruption. The exploit is publicly available, increasing the likelihood of attacks.

    To safeguard against this threat, organizations must immediately verify if their devices are running the affected firmware and apply patches if available. If no patch is provided by the vendor, mitigating controls such as network segmentation and intrusion detection should be implemented. Addressing this vulnerability is urgent to protect sensitive data, maintain network integrity, and ensure business continuity. Failure to act could result in severe financial and reputational consequences.

    CVE-2024-7152

    Severity: Unknown

    Description: A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    CVSS Score: N/A

    Priority

    B

    EPSS Data

    • EPSS: 0.005560000
    • Percentile: 0.776390000
    • Date: 2025-01-19

    ExploitDB

    No data available.

    HackerOne Data

    • Rank: 7457
    • Reports submitted count: 0
    • Unknown: 0
    • None: 0
    • Low: 0
    • Medium: 0
    • High: 0
    • Critical: 0

      Nuclei Templates

      No data available.

      VulnCheck Data

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)

      Risk Assessment

      1. Risk Assessment
      The vulnerability identified as CVE-2024-7152 is a critical stack-based buffer overflow in the Tenda O3 router firmware version 1.0.0.10(2478). This flaw resides in the `fromSafeSetMacFilter` function within the `/goform/setMacFilterList` file, specifically involving the manipulation of the `time` argument. The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH), indicating a severe risk.

      The nature of this vulnerability allows remote attackers to exploit it without requiring user interaction, provided they have low-privileged access to the system. The exploitation of this flaw can lead to arbitrary code execution, potentially compromising the confidentiality, integrity, and availability of the affected device. Given that the exploit has been publicly disclosed and may already be in use, the likelihood of exploitation is high.

      The business impact of this vulnerability is significant. If exploited, attackers could gain full control over the router, enabling them to intercept sensitive data, manipulate network traffic, or render the device inoperable. This could lead to operational disruptions, data breaches, and reputational damage for organizations relying on the affected devices.

      2. Potential Attack Scenarios
      One potential attack scenario involves an attacker leveraging the stack-based buffer overflow to execute arbitrary code on the Tenda O3 router. The attack vector begins with the attacker gaining low-privileged access to the router, either through compromised credentials or another vulnerability. Once access is obtained, the attacker sends a specially crafted request to the `/goform/setMacFilterList` endpoint, manipulating the `time` argument to trigger the buffer overflow.

      The attack process involves overwriting the stack memory, allowing the attacker to inject malicious code into the router's execution flow. This could result in the execution of arbitrary commands, enabling the attacker to install malware, exfiltrate sensitive data, or pivot to other devices on the network. The potential outcomes include complete compromise of the router, unauthorized access to connected devices, and disruption of network services.

      3. Mitigation Recommendations
      Immediate action is required to mitigate this vulnerability. The following steps are recommended:

      - Apply the latest firmware update from Tenda as soon as it becomes available. Monitor the vendor's website or contact their support team for updates.
      - If a patch is not immediately available, consider disabling the affected functionality or restricting access to the `/goform/setMacFilterList` endpoint.
      - Implement network segmentation to isolate the affected routers from critical systems, reducing the potential impact of an exploit.
      - Monitor network traffic for unusual activity, particularly requests targeting the vulnerable endpoint.
      - Review and update access controls to ensure that only authorized users have administrative access to the router.

      For additional guidance, refer to the following resources:
      - PacketStorm Security: https://packetstormsecurity.com/search/?q=CVE-2024-7152
      - VulDB Entry: https://vuldb.com/?id.272555
      - GitHub Exploit Details: https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromSafeSetMacFilter.md

      4. Executive Summary
      CVE-2024-7152 is a critical vulnerability affecting the Tenda O3 router firmware, posing a high risk to organizations using this device. The flaw allows remote attackers to execute arbitrary code, potentially leading to data breaches, network disruptions, and unauthorized access to connected systems. The exploit has been publicly disclosed, increasing the likelihood of active exploitation.

      To address this vulnerability, immediate action is required. Organizations should apply firmware updates, restrict access to vulnerable endpoints, and monitor network traffic for signs of exploitation. Failure to mitigate this risk could result in significant operational and reputational damage. Prioritizing these actions is essential to safeguard network integrity and protect sensitive data.

      CVE-2025-12209

      Severity: Unknown

      Description: A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized.

      CVSS Score: N/A

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)

      CVE-2025-12210

      Severity: Unknown

      Description: A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

      CVSS Score: N/A

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)

      CVE-2025-12211

      Severity: Unknown

      Description: A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

      CVSS Score: N/A

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)

      CVE-2025-12212

      Severity: Unknown

      Description: A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

      CVSS Score: N/A

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)

      CVE-2025-12213

      Severity: Unknown

      Description: A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

      CVSS Score: N/A

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)

      CVE-2025-12214

      Severity: Unknown

      Description: A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/GetValue of the file /goform/sysAutoReboot. Performing manipulation of the argument enable results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

      CVSS Score: N/A

      Affected Products:

      • Tenda O3 - Versions: 1.0.0.10(2478)
