Tenda-specific modules in core Metasploit Framework


Metasploit's official modules focus more on popular enterprise brands (Cisco, Netgear, D-Link, TP-Link, etc.) or generic web command injection patterns. Tenda routers — being budget/SOHO devices common in markets like Kenya — tend to have vulnerabilities disclosed via Exploit-DB, GitHub PoCs, or researcher blogs, but **very few make it into Rapid7's official Metasploit repo**.


### Current Status (March 2026)

From recent searches and known sources:

- **No official Metasploit modules** exist in the main framework for Tenda routers (no `exploit/linux/http/tenda_*` or similar when you run `search tenda` in msfconsole).

- Older Tenda vulns (e.g., CVE-2018-5767 on AC15 RCE from 2018) have standalone Python exploits on Exploit-DB but were never ported to Metasploit.

- Recent 2025–2026 Tenda CVEs (e.g., command injection CVE-2025-13207 on N300/4G03, buffer overflows CVE-2025-7795 on FH451, CVE-2025-29384 on AC9, CVE-2025-1851 on AC7) usually come with:

  - Standalone Python/Ruby PoCs

  - Exploit-DB entries

  - GitHub repos with proof-of-concepts


One notable exception: For **CVE-2025-29384** (out-of-bounds write / stack overflow on Tenda AC9 firmware), a researcher released a **Ruby-based Metasploit-compatible module** in a GitHub PoC repo (Otsmane-Ahmed/cve-2025-29384-poc). It's **not** in official Metasploit, but you can manually add it.


### How to Use the CVE-2025-29384 Metasploit-Style Module (if your Tenda is AC9 or similar vulnerable model)

1. Clone the repo:

   ```bash
   git clone https://github.com/Otsmane-Ahmed/cve-2025-29384-poc.git
   cd cve-2025-29384-poc
   ```


2. Copy the Ruby file to your local Metasploit modules path:

   ```bash
   mkdir -p ~/.msf4/modules/exploits/linux/http/
   cp tenda_ac9_stack_overflow.rb ~/.msf4/modules/exploits/linux/http/
   ```


3. Reload Metasploit modules:

   ```bash
   msfconsole
   # then, at the msf prompt:
   reload_all
   ```


4. Search and use it:

   ```
   search tenda_ac9
   use exploit/linux/http/tenda_ac9_stack_overflow   # or whatever the module path/name is
   show options
   set RHOSTS 192.168.0.1
   set RPORT 80
   set TARGETURI /goform/[relevant_endpoint_from_PoC]
   exploit
   ```


   - This is typically a DoS module (crashes the web server), but some variants aim for potential RCE.

   - Check the repo's README for exact payload/target options — it's unauthenticated in many cases.
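
A pre-load check to run between steps 1 and 2, as an added example that is not part of the PoC repo or of Metasploit: anything copied into `~/.msf4/modules` is Ruby that runs with your user's privileges once msfconsole loads it, so the file is hashed and scanned for local-execution constructs before it is installed. The `RISKY` pattern list, the function names and both sample module files are assumptions constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not code from the PoC repo or from Rapid7.
# RISKY is an assumed starter list of Ruby constructs that run local commands or
# pull in and decode extra code on the operator's machine. A module normally
# reaches the target through Msf mixins such as HttpClient instead.
RISKY='(^|[^A-Za-z_])(system|exec|eval|spawn)[ (]|`[^`]+`|%x[({]|IO\.popen|Open3|Base64\.decode64|open-uri|Net::HTTP'

# vet_module FILE: print the file's SHA-256 and any flagged lines.
# Returns 0 when nothing is flagged, 1 when review is needed, 2 if FILE is missing.
vet_module() {
  local f=$1
  [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
  sha256sum "$f" 2>/dev/null || shasum -a 256 "$f"
  # Drop comment-only lines so documentation does not count as a finding.
  if grep -nE "$RISKY" "$f" | grep -vE '^[0-9]+:[[:space:]]*#'; then
    echo "REVIEW: read the lines above before loading $f" >&2
    return 1
  fi
  echo "no flagged constructs in $f"
}

# install_module FILE DEST_DIR: copy into the module tree only if vetting passes.
install_module() {
  vet_module "$1" || return 1
  mkdir -p "$2" && cp "$1" "$2/"
}

# make_samples DIR: write two constructed module files for a dry run.
make_samples() {
  cat > "$1/clean.rb" <<'EOF'
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  # system() is never called here
  def run
    res = send_request_cgi('uri' => normalize_uri(target_uri.path))
    print_status("HTTP #{res.code}") if res
  end
end
EOF
  cat > "$1/flagged.rb" <<'EOF'
class MetasploitModule < Msf::Auxiliary
  def run
    eval(Base64.decode64(BLOB))  # constructed: hidden code run on the operator's host
  end
end
EOF
}
```

A clean result only means none of the listed patterns appeared; record the printed hash with the engagement notes so the reviewed file can be matched to the one that was loaded.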


### Alternatives for Tenda Exploitation (Better Than Waiting for Official Modules)

Since official Metasploit is thin on Tenda:

1. **Routersploit** (still the best dedicated tool for SOHO routers like Tenda):

   ```bash
   sudo python3 rsf.py
   # then, at the rsf prompt:
   use scanners/autopwn
   set target 192.168.0.1
   run
   ```

   - It has generic HTTP command injection, auth bypass, and some brand-specific checks that catch many Tenda flaws (even if not explicitly named "Tenda").


2. **Generic Metasploit Modules That Often Work on Tenda**:

   - Command injection patterns: `search type:exploit cmd injection http`

     - Examples: `exploit/multi/http/struts_code_exec` (if old Java), or generic ones like `exploit/unix/webapp/php_include` (rare).

   - HTTP scanners: `auxiliary/scanner/http/http_version`, `auxiliary/scanner/http/router_login_scanner`

   - Try: `use auxiliary/scanner/http/title` or `use auxiliary/scanner/http/dir_listing` to fingerprint.


3. **Manual Porting of PoCs**:

   - Grab Python exploits from Exploit-DB (search "Tenda" there — many 2025 entries like FH451 buffer overflow).

   - Convert to Metasploit Ruby format (use existing modules as templates — it's straightforward if you're intermediate).

   - Submit to Rapid7 if you want (they accept PRs).


### Quick Check in Your msfconsole Right Now

Run these and paste the output if you want me to interpret:

```
search tenda
search type:exploit http buffer overflow 2025
search cve:2025 router
```


**Bottom line for your service gigs**: Stick with **Routersploit autopwn** + **Nmap vuln scripts** + **Nuclei iot/templates** for Tenda audits — they're more reliable and cover 90% of real-world Tenda issues without needing rare Metasploit modules. If a client has a specific CVE (e.g., AC9 CVE-2025-29384), add that third-party module manually.


Tell me your exact Tenda model/firmware (from the admin page) or any CVE you're targeting — I can hunt for the latest PoC/module links or walk you through adapting one. Let's find something exploitable in a safe lab! 🔍
