CVE-2026-2139
8.8 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A buffer overflow vulnerability exists in the web interface of certain Tenda TX9 routers. Attackers can remotely crash the device or potentially run malicious code by sending a specially crafted network request.
Who is affected
Users of Tenda TX9 routers with firmware version 22.03.02.10_multi or earlier are affected. A successful exploit could allow an attacker to take control of the router.
Recommended fix
Immediately update the router's firmware to a version newer than 22.03.02.10_multi, if available from Tenda. If no patch exists, restrict access to the router's management interface to trusted networks only.
Technical Description
A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-119, CWE-120