CVE-2026-2138

8.8 HIGH

Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis

Quick Summary

A buffer overflow vulnerability exists in certain Tenda TX9 routers. Attackers can send specially crafted network requests to crash the device or potentially run malicious code.

Who is affected

Users of Tenda TX9 routers with firmware version 22.03.02.10_multi or earlier are affected. A remote attacker could take control of the router or cause a denial of service.

Recommended fix

Immediately update the router's firmware to a version newer than 22.03.02.10_multi. If no update is available, disable remote administration and restrict access to the router's web interface.

Technical Description

A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

CVSS Details

Attack Vector

NETWORK

Complexity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119, CWE-120

CVE-2026-2138

Quick Summary

Technical Description

CVSS Details

References