CVE-2024-45414: n/a
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA-encrypted ciphertext; the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
AI Analysis
Technical Summary
CVE-2024-45414 is a stack-based buffer overflow vulnerability identified in the HTTPD binary of multiple ZTE router models. The vulnerability is located in the webPrivateDecrypt function, which handles the decryption of base64-encoded, RSA-encrypted ciphertext. When the ciphertext is decoded, it is stored on the stack without any bounds checking on its length, leading to a classic stack buffer overflow condition (CWE-121). This unchecked buffer allows an attacker to overwrite the stack, potentially corrupting the return address or other control data. Because the vulnerable function processes unauthenticated input, an attacker can remotely send specially crafted requests to the HTTPD service to exploit this flaw. Exploitation results in remote code execution with root privileges, granting full control over the affected device. The vulnerability has a CVSS 3.1 base score of 9.8, indicating critical severity with a network attack vector, no required privileges, no user interaction, and full impact on confidentiality, integrity, and availability. Although no public patches or exploits are currently available, the severity and ease of exploitation make this a high-risk vulnerability for organizations using ZTE routers. The lack of authentication and the root-level RCE potential make this vulnerability particularly dangerous for network infrastructure security.
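The defect described above is a missing length check before base64-decoded ciphertext is written to a stack buffer. The following is an added example, not ZTE's HTTPD code: a decoder that derives the decoded size from the encoded length and refuses input that would not fit before writing a single byte; the 256-byte buffer (one RSA-2048 ciphertext block) and the function names are assumptions made for illustration.

```c
/* Added example, not ZTE's code: base64 decoding into a fixed-size stack buffer
 * with the length check CVE-2024-45414 lacks. Buffer size is an assumption. */
#include <stdint.h>
#include <string.h>
#define CIPHERTEXT_MAX 256  /* assumed: one RSA-2048 ciphertext block */
/* Value of one base64 alphabet character, or -1 if not in the alphabet. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}
/* Decode `in` into `out` (capacity `cap`). Returns the decoded length, or -1 for
 * malformed input or input whose decoded size exceeds `cap` (checked first). */
long b64_decode_bounded(const char *in, uint8_t *out, size_t cap) {
    size_t n = strlen(in), pad = 0, need, o = 0;
    if (n == 0 || n % 4 != 0) return -1;
    if (in[n - 1] == '=') { pad = 1; if (in[n - 2] == '=') pad = 2; }
    need = n / 4 * 3 - pad;
    if (need > cap) return -1;  /* the missing check: refuse, never overflow */
    for (size_t i = 0; i < n; i += 4) {
        uint32_t acc = 0;
        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            /* '=' is only legal in the last group, at positions 3 and 4 */
            if (c == '=' && (i + 4 < n || k < 2)) return -1;
            int v = (c == '=') ? 0 : b64_val(c);
            if (v < 0) return -1;
            acc = (acc << 6) | (uint32_t)v;
        }
        out[o++] = (uint8_t)(acc >> 16);
        if (o < need) out[o++] = (uint8_t)(acc >> 8);
        if (o < need) out[o++] = (uint8_t)acc;
    }
    return (long)o;
}
/* Hardened shape of the vulnerable entry point: decode into a stack buffer
 * and return the decoded length, or -1 instead of writing past its end. */
long decode_ciphertext_safely(const char *b64) {
    uint8_t ct[CIPHERTEXT_MAX];
    return b64_decode_bounded(b64, ct, sizeof ct);
}
/* Constructed input of `groups` "AAAA" groups (3 bytes each) to exercise the limit. */
long decode_synthetic_groups(size_t groups) {
    char in[1024];
    if (groups * 4 >= sizeof in) return -2;
    memset(in, 'A', groups * 4);
    in[groups * 4] = '\0';
    return decode_ciphertext_safely(in);
}
```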
Potential Impact
The impact of CVE-2024-45414 is severe for organizations worldwide that deploy affected ZTE routers in their network infrastructure. Successful exploitation allows attackers to gain root-level remote code execution, enabling full device compromise. This can lead to unauthorized access to internal networks, interception or manipulation of network traffic, disruption of network services, and potential pivoting to other internal systems. The confidentiality, integrity, and availability of network communications and connected systems are at significant risk. Since the vulnerability requires no authentication and no user interaction, it can be exploited remotely by any attacker with network access to the device's HTTPD service, increasing the attack surface. Critical infrastructure, enterprises, and service providers relying on ZTE routers may face operational disruptions, data breaches, and loss of trust. The absence of known exploits in the wild currently provides a limited window for proactive mitigation before potential weaponization.
Mitigation Recommendations
Organizations should immediately identify and inventory all ZTE routers in their environment to determine exposure. Network segmentation and firewall rules should be applied to restrict access to the HTTPD management interface, limiting it to trusted administrative networks only. Where possible, disable remote management interfaces or restrict them via VPN or secure channels. Monitor network traffic for anomalous or suspicious requests targeting the HTTPD service. Since no official patches are currently available, consider deploying virtual patching via intrusion prevention systems (IPS) that can detect and block exploit attempts targeting this vulnerability. Engage with ZTE support channels to obtain information on forthcoming patches or firmware updates. Plan for rapid deployment of security updates once released. Additionally, maintain up-to-date backups and incident response plans to quickly recover from potential compromises. Avoid exposing affected devices directly to the internet until patched.
Affected Countries
China, India, Brazil, Russia, United States, Germany, United Kingdom, South Africa, United Arab Emirates, Saudi Arabia
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-28T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cecb7ef31ef0b56a3d5
Added to database: 2/25/2026, 9:43:08 PM
Last enriched: 2/28/2026, 6:58:03 AM
Last updated: 4/12/2026, 3:30:45 PM