Cyber Resilience

CVE-2024-2982

MediumPublic PoC

Published: 27 March 2024

Published
27 March 2024
Modified
14 January 2025
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0514 90.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-2982 is a medium-severity Command Injection (CWE-77) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 9.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-2982 is a command-injection vulnerability in the Tenda FH1202 router running firmware version 1.2.0.14(408). It resides in the formWriteFacMac function of the /goform/WriteFacMac endpoint, where unsanitized input supplied to the mac argument is passed directly to an operating-system command.

An authenticated attacker on the local network can supply a crafted mac value to execute arbitrary commands on the device. The CVSS 3.1 score of 5.5 reflects adjacent-network access with low attack complexity and low-privileged credentials, resulting in limited impacts to confidentiality, integrity, and availability.

Public proof-of-concept code has been published on GitHub, and the issue was disclosed without vendor response or patch information. The EPSS score has remained flat at 0.0514 since publication, indicating no measurable increase in observed exploitation activity.

EU & UK References

Vulnerability details

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed…

more

to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
T1202 Indirect Command Execution Stealth
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Why these techniques?

Command injection via web form parameter 'mac' in Tenda FH1202 router enables arbitrary OS command execution, facilitating Network Device CLI abuse (T1059.008) and Indirect Command Execution (T1202) as noted in the advisory.

Affected Assets

tenda
fh1202 firmware
1.2.0.14\(408\)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References