CVE-2024-42944: n/a
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
AI Analysis
Technical Summary
CVE-2024-42944 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability arises from improper handling of the 'page' parameter within the fromNatlimit function. An attacker can craft a specially formatted POST request targeting this parameter, which causes the function to overflow the stack buffer. This overflow leads to a denial of service condition by crashing the router or causing it to become unresponsive. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score is 6.5, reflecting a medium severity level due to the lack of confidentiality or integrity impact and the limited scope to availability disruption only. The weakness is classified under CWE-121 (Stack-based Buffer Overflow). Currently, no patches or official remediation guidance have been published by Tenda, and no active exploitation has been reported. The vulnerability affects a specific firmware version, and users should verify their device version to assess exposure.
Potential Impact
The primary impact of CVE-2024-42944 is the potential for denial of service on affected Tenda FH1201 routers. This can disrupt network connectivity for organizations relying on these devices, potentially causing downtime and loss of productivity. Since the vulnerability does not compromise confidentiality or integrity, the risk of data breach or manipulation is low. However, the loss of availability can affect business operations, especially in environments where these routers serve as critical network gateways or are deployed in large numbers. The ease of exploitation without authentication increases the risk of automated attacks or scanning by threat actors. Organizations with remote or unmanaged Tenda FH1201 devices are particularly vulnerable to network-based DoS attacks leveraging this flaw.
Mitigation Recommendations
To mitigate CVE-2024-42944, organizations should first verify if they are using the affected Tenda FH1201 firmware version 1.2.0.14 (408). If so, they should monitor Tenda’s official channels for patches or firmware updates addressing this vulnerability and apply them promptly once available. In the interim, network administrators can implement access control measures such as firewall rules to restrict inbound POST requests to the router’s management interface from untrusted networks. Disabling remote management or restricting it to trusted IP addresses can reduce exposure. Network segmentation can also limit the impact of a compromised or crashed router. Additionally, monitoring network traffic for unusual POST requests targeting the router may help detect exploitation attempts. Regularly backing up router configurations and having contingency plans for device replacement or reboot can minimize downtime if a DoS occurs.
Affected Countries
China, India, Russia, Brazil, United States, Indonesia, Vietnam, Thailand, Mexico, South Africa
CVE-2024-42944: n/a
Description
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-42944 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability arises from improper handling of the 'page' parameter within the fromNatlimit function. An attacker can craft a specially formatted POST request targeting this parameter, which causes the function to overflow the stack buffer. This overflow leads to a denial of service condition by crashing the router or causing it to become unresponsive. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score is 6.5, reflecting a medium severity level due to the lack of confidentiality or integrity impact and the limited scope to availability disruption only. The weakness is classified under CWE-121 (Stack-based Buffer Overflow). Currently, no patches or official remediation guidance have been published by Tenda, and no active exploitation has been reported. The vulnerability affects a specific firmware version, and users should verify their device version to assess exposure.
Potential Impact
The primary impact of CVE-2024-42944 is the potential for denial of service on affected Tenda FH1201 routers. This can disrupt network connectivity for organizations relying on these devices, potentially causing downtime and loss of productivity. Since the vulnerability does not compromise confidentiality or integrity, the risk of data breach or manipulation is low. However, the loss of availability can affect business operations, especially in environments where these routers serve as critical network gateways or are deployed in large numbers. The ease of exploitation without authentication increases the risk of automated attacks or scanning by threat actors. Organizations with remote or unmanaged Tenda FH1201 devices are particularly vulnerable to network-based DoS attacks leveraging this flaw.
Mitigation Recommendations
To mitigate CVE-2024-42944, organizations should first verify if they are using the affected Tenda FH1201 firmware version 1.2.0.14 (408). If so, they should monitor Tenda’s official channels for patches or firmware updates addressing this vulnerability and apply them promptly once available. In the interim, network administrators can implement access control measures such as firewall rules to restrict inbound POST requests to the router’s management interface from untrusted networks. Disabling remote management or restricting it to trusted IP addresses can reduce exposure. Network segmentation can also limit the impact of a compromised or crashed router. Additionally, monitoring network traffic for unusual POST requests targeting the router may help detect exploitation attempts. Regularly backing up router configurations and having contingency plans for device replacement or reboot can minimize downtime if a DoS occurs.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-08-05T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6cd2b7ef31ef0b5694fa
Added to database: 2/25/2026, 9:42:42 PM
Last enriched: 2/26/2026, 7:39:24 AM
Last updated: 4/11/2026, 4:59:35 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.