Cyber Resilience

CVE-2024-3009

Medium · Public PoC

Published: 28 March 2024

Modified: 15 January 2025
KEV Added
Patch
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0591 (90.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-3009 is a medium-severity Command Injection (CWE-77) vulnerability in Tenda FH1205 firmware. Its CVSS base score is 6.3 (Medium).

Operationally, it is ranked in the top 9.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A command injection vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775). The flaw resides in the formWriteFacMac function of the /goform/WriteFacMac endpoint, where unsanitized input to the mac parameter is passed to an operating system command. The issue is tracked as CVE-2024-3009, assigned CWE-77, and carries a CVSS 3.1 score of 6.3.

An authenticated remote attacker can supply a crafted mac value to execute arbitrary commands on the device. Because the attack requires only low-privileged credentials and no user interaction, an adversary who obtains or guesses valid administrative credentials can achieve limited control over the router’s configuration and runtime environment. A public proof-of-concept has been released, confirming the vector.

No vendor patch or mitigation guidance has been issued; the manufacturer did not respond to disclosure. The associated EPSS score has remained flat at 0.0591 since publication, indicating no measurable increase in observed exploitation interest.
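With no vendor fix available, one compensating check is to flag any request to /goform/WriteFacMac whose mac value is not a strict MAC address. The following is an added example, not code from this page, the vendor or the PoC; the request representation (target plus URL-encoded body) and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory text.
ENDPOINT = "/goform/WriteFacMac"
PARAM = "mac"
# Allow-list: six hex octets separated by ':' or '-', nothing before or after.
STRICT_MAC = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def mac_values(target, body=""):
    """Return every `mac` value from the query string and form body,
    or None when the request is not for the watched endpoint."""
    parts = urlsplit(target)
    # Case-insensitive path match is a conservative assumption.
    if parts.path.rstrip("/").lower() != ENDPOINT.lower():
        return None
    values = []
    for raw in (parts.query, body):
        values += parse_qs(raw, keep_blank_values=True).get(PARAM, [])
    return values

def review(target, body=""):
    """Classify one request as 'ignore', 'ok' or 'suspicious'."""
    values = mac_values(target, body)
    if values is None:
        return "ignore"
    # Missing, repeated or non-MAC values are all outside normal use.
    if len(values) != 1 or not STRICT_MAC.fullmatch(values[0]):
        return "suspicious"
    return "ok"

# Constructed sample requests: (request target, URL-encoded form body).
SAMPLES = [
    ("/goform/WriteFacMac", "mac=00%3A11%3A22%3A33%3A44%3A55"),
    ("/goform/WriteFacMac", "mac=00%3A11%3A22%3A33%3A44%3A55%3BEXTRA"),
    ("/goform/WriteFacMac?mac=AA-BB-CC-DD-EE-FF", ""),
    ("/goform/WriteFacMac", ""),
    ("/index.html", ""),
]

def triage(samples):
    """Classify each (target, body) pair in order."""
    return [review(target, body) for target, body in samples]

if __name__ == "__main__":
    for (target, body), verdict in zip(SAMPLES, triage(SAMPLES)):
        print(f"{verdict:10} {target} {body}")
```

The allow-list rejects anything beyond the twelve hex digits and their separators, so it does not depend on enumerating shell metacharacters.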

Vulnerability details

A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tenda
fh1205 firmware
2.0.0.7(775)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
