CVE-2024-2991
Published: 27 March 2024
Summary
CVE-2024-2991 is a medium-severity Command Injection (CWE-77) vulnerability in Tenda FH1203 firmware. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 9.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
CVE-2024-2991 is a command injection vulnerability affecting the Tenda FH1203 router running firmware version 2.0.1.6. It exists in the formWriteFacMac function of the /goform/WriteFacMac endpoint, where unsanitized input to the mac argument permits execution of arbitrary operating system commands. The issue is tracked under CWE-77 and carries a CVSS 3.1 score of 6.3.
An attacker with low-privileged network access can trigger the flaw remotely without user interaction, resulting in limited effects on confidentiality, integrity, and availability. Public exploit code has already been published that demonstrates the injection technique against the affected endpoint.
The vendor was notified prior to disclosure but provided no response or patch. The associated EPSS score has remained flat at 0.0610 with no material rise since publication, indicating limited observed exploitation interest to date.
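A defender-side check for the endpoint described above, as an added example (not code from the vendor, the advisory or the published proof-of-concept): it classifies HTTP requests captured at a proxy or network sensor and alerts when the mac argument sent to /goform/WriteFacMac is anything other than a strict MAC address. The colon-separated six-octet format, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

ENDPOINT = "/goform/WriteFacMac"  # endpoint named in the advisory
# Assumption: a legitimate value is six colon-separated hex octets.
STRICT_MAC = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def form_values(encoded, name):
    """Return the decoded values of every `name` field in a urlencoded string."""
    values = []
    for pair in encoded.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(value))
    return values


def classify(target, body=""):
    """Classify one request as 'ignore', 'review' or 'alert'."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").lower() != ENDPOINT.lower():
        return "ignore"
    # The argument may arrive in the query string or in the form body.
    macs = form_values(parts.query, "mac") + form_values(body, "mac")
    if all(STRICT_MAC.fullmatch(m) for m in macs):
        return "review"  # well-formed or absent value; still a factory-MAC write
    return "alert"       # anything beyond a bare MAC is treated as suspicious


# Constructed sample requests: (request target, form body).
SAMPLES = [
    ("/index.html", ""),
    ("/goform/WriteFacMac", "mac=00%3A11%3A22%3A33%3A44%3A55"),
    ("/goform/WriteFacMac?mac=00:11:22:33:44:55+trailing-text", ""),
    ("/goform/WriteFacMac", "mac=00:11:22:33:44:55&mac=not-a-mac"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(classify(target, body), target, body)
```

Matching on an allowlist of the expected format, rather than on a list of shell metacharacters, keeps the check valid for encodings and separators a blocklist would miss.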
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-27931
Vulnerability details
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the router's web interface (/goform/WriteFacMac) enables remote exploitation of a public-facing application (T1190), indirect command execution (T1202, as noted in the advisory), and arbitrary Unix shell command execution (T1059.004).