CVE-2026-2140 - Tenda Tx9 Firmware
Critical 8.8
A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
Affected software
Tenda Tx9 Firmware
Reference links
- https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md
- https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md#poc
- https://vuldb.com/?ctiid.344775
- https://vuldb.com/?id.344775
- https://vuldb.com/?submit.747251
- https://vuldb.com/?submit.749747
- https://www.tenda.com.cn/