CVE-2024-45413 is a stack-based buffer overflow vulnerability identified in the HTTPD binary component of multiple ZTE router models. The vulnerability resides specifically in the rsa_decrypt function, which serves as an API wrapper for LUA scripts to decrypt RSA-encrypted ciphertext. The core issue is that the decrypted data is copied onto the stack without any bounds checking on its length, violating secure coding practices and leading to a classic CWE-121 buffer overflow. An attacker with authenticated access to the router’s HTTPD service can exploit this flaw by sending specially crafted RSA-encrypted data that, when decrypted, overflows the stack buffer. This overflow can overwrite the return address or other control data on the stack, enabling the attacker to execute arbitrary code with root privileges on the device. The vulnerability is remotely exploitable over the network (AV:N) but requires high attack complexity (AC:H) and no privileges (PR:N) or user interaction (UI:N). The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality, integrity, and availability. No patches or exploit code are currently publicly available, but the severity and ease of exploitation once authenticated make this a critical concern for affected organizations. The lack of specific affected versions suggests multiple firmware versions or models may be impacted, necessitating thorough inventory and vendor consultation.

The impact of CVE-2024-45413 is significant for organizations relying on vulnerable ZTE routers. Successful exploitation grants attackers root-level remote code execution, allowing full control over the device. This can lead to interception or manipulation of network traffic, persistent backdoors, disruption of network services, and lateral movement within internal networks. Confidential data passing through the router can be compromised, and the integrity of network infrastructure can be undermined. Given the critical role routers play in enterprise and ISP networks, exploitation could affect large numbers of users and critical infrastructure. The requirement for authentication somewhat limits exposure but does not eliminate risk, especially in environments where credentials may be weak, reused, or compromised. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the high severity score indicates urgent attention is warranted.

1. Immediately inventory all ZTE routers in the environment to identify potentially affected models and firmware versions. 2. Monitor ZTE vendor advisories and security bulletins for official patches or firmware updates addressing CVE-2024-45413 and apply them promptly upon release. 3. Restrict administrative access to router HTTPD interfaces to trusted management networks only, using network segmentation and access control lists (ACLs). 4. Enforce strong authentication mechanisms, including complex passwords and multi-factor authentication where supported, to reduce the risk of credential compromise. 5. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection tuned to detect exploitation attempts targeting the rsa_decrypt function or unusual HTTPD traffic patterns. 6. Regularly audit router configurations and logs for suspicious activity indicative of exploitation attempts. 7. Consider deploying compensating controls such as VPNs or encrypted management channels to limit exposure of router management interfaces. 8. Educate network administrators about this vulnerability and the importance of timely patching and secure configuration.