CVE-2024-42941: n/a
CVE-2024-42941 is a high-severity stack overflow vulnerability found in Tenda FH1201 router firmware version 1. 2. 0. 14 (build 408). The flaw exists in the fromAdvSetWan function, specifically via the wanmode parameter, which can be exploited by sending a crafted POST request. Successful exploitation results in a Denial of Service (DoS) condition, causing the device to crash or become unresponsive. This vulnerability does not require authentication or user interaction and can be triggered remotely over the network. Although no known exploits are currently reported in the wild, the vulnerability's network accessibility and ease of exploitation make it a significant risk. The CVSS v3. 1 base score is 7.
AI Analysis
Technical Summary
CVE-2024-42941 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability resides in the fromAdvSetWan function, which processes the wanmode parameter received via HTTP POST requests. Improper handling of this parameter allows an attacker to overflow the stack, leading to memory corruption. This can cause the router to crash or reboot unexpectedly, resulting in a Denial of Service (DoS). The vulnerability can be exploited remotely without authentication or user interaction, as the affected function is accessible over the WAN interface. The weakness is classified under CWE-121 (Stack-based Buffer Overflow). The CVSS v3.1 score of 7.5 indicates a high severity level, primarily due to the network attack vector, low attack complexity, and the complete loss of availability upon successful exploitation. No patches or official fixes have been published at the time of disclosure, and no active exploits have been observed in the wild. However, the vulnerability poses a significant threat to network stability and availability for users of the affected router model.
Potential Impact
The primary impact of CVE-2024-42941 is the disruption of network services due to Denial of Service conditions caused by router crashes or reboots. Organizations relying on Tenda FH1201 routers for internet connectivity or network routing may experience intermittent or prolonged outages, affecting business operations, communications, and access to critical resources. The vulnerability does not compromise confidentiality or integrity directly but can indirectly affect operational continuity. In environments where network availability is critical, such as small to medium enterprises, branch offices, or home offices using this router, the impact can be significant. Additionally, attackers could leverage this DoS condition as part of a larger attack strategy, such as distracting defenders or creating network instability. The lack of authentication requirement and remote exploitability increase the risk of widespread exploitation, especially if automated scanning tools identify vulnerable devices.
Mitigation Recommendations
1. Immediate mitigation involves restricting WAN-side access to the router's management interface to trusted IP addresses or disabling remote management if not required. 2. Network administrators should implement firewall rules to block unsolicited POST requests targeting the vulnerable endpoint or parameter. 3. Monitor network traffic for unusual POST requests containing abnormal or oversized wanmode parameters. 4. Segregate vulnerable devices on isolated network segments to limit exposure. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once available. 6. Consider replacing affected routers with models from vendors with a strong security track record if timely patches are not provided. 7. Employ network intrusion detection systems (NIDS) with signatures or heuristics to detect exploitation attempts targeting this vulnerability. 8. Educate network personnel about this vulnerability to ensure rapid response to any signs of exploitation.
Affected Countries
China, United States, India, Brazil, Russia, Germany, United Kingdom, France, Australia, South Africa
CVE-2024-42941: n/a
Description
CVE-2024-42941 is a high-severity stack overflow vulnerability found in Tenda FH1201 router firmware version 1. 2. 0. 14 (build 408). The flaw exists in the fromAdvSetWan function, specifically via the wanmode parameter, which can be exploited by sending a crafted POST request. Successful exploitation results in a Denial of Service (DoS) condition, causing the device to crash or become unresponsive. This vulnerability does not require authentication or user interaction and can be triggered remotely over the network. Although no known exploits are currently reported in the wild, the vulnerability's network accessibility and ease of exploitation make it a significant risk. The CVSS v3. 1 base score is 7.
AI-Powered Analysis
Technical Analysis
CVE-2024-42941 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability resides in the fromAdvSetWan function, which processes the wanmode parameter received via HTTP POST requests. Improper handling of this parameter allows an attacker to overflow the stack, leading to memory corruption. This can cause the router to crash or reboot unexpectedly, resulting in a Denial of Service (DoS). The vulnerability can be exploited remotely without authentication or user interaction, as the affected function is accessible over the WAN interface. The weakness is classified under CWE-121 (Stack-based Buffer Overflow). The CVSS v3.1 score of 7.5 indicates a high severity level, primarily due to the network attack vector, low attack complexity, and the complete loss of availability upon successful exploitation. No patches or official fixes have been published at the time of disclosure, and no active exploits have been observed in the wild. However, the vulnerability poses a significant threat to network stability and availability for users of the affected router model.
Potential Impact
The primary impact of CVE-2024-42941 is the disruption of network services due to Denial of Service conditions caused by router crashes or reboots. Organizations relying on Tenda FH1201 routers for internet connectivity or network routing may experience intermittent or prolonged outages, affecting business operations, communications, and access to critical resources. The vulnerability does not compromise confidentiality or integrity directly but can indirectly affect operational continuity. In environments where network availability is critical, such as small to medium enterprises, branch offices, or home offices using this router, the impact can be significant. Additionally, attackers could leverage this DoS condition as part of a larger attack strategy, such as distracting defenders or creating network instability. The lack of authentication requirement and remote exploitability increase the risk of widespread exploitation, especially if automated scanning tools identify vulnerable devices.
Mitigation Recommendations
1. Immediate mitigation involves restricting WAN-side access to the router's management interface to trusted IP addresses or disabling remote management if not required. 2. Network administrators should implement firewall rules to block unsolicited POST requests targeting the vulnerable endpoint or parameter. 3. Monitor network traffic for unusual POST requests containing abnormal or oversized wanmode parameters. 4. Segregate vulnerable devices on isolated network segments to limit exposure. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once available. 6. Consider replacing affected routers with models from vendors with a strong security track record if timely patches are not provided. 7. Employ network intrusion detection systems (NIDS) with signatures or heuristics to detect exploitation attempts targeting this vulnerability. 8. Educate network personnel about this vulnerability to ensure rapid response to any signs of exploitation.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-08-05T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6cd2b7ef31ef0b5694f1
Added to database: 2/25/2026, 9:42:42 PM
Last enriched: 2/26/2026, 7:38:40 AM
Last updated: 2/26/2026, 12:46:12 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-14343: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dokuzsoft Technology Ltd. E-Commerce Product
HighCVE-2026-1198: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA Simple.ERP
HighCVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk
HighCVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.