CVE-2026-2138 - Vulnerability Details

- Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow

Description

A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Published: 2026-02-08

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a stack-based buffer overflow located in the sub_42D03C routine of the /goform/SetStaticRouteCfg handler on Tenda TX9 routers. A crafted list of arguments sent to this function can overwrite adjacent memory, potentially allowing an attacker to inject or execute arbitrary code or crash the device. The flaw exists in firmware versions up to 22.03.02.10_multi and is exploitable remotely without authentication, with a publicly available proof‑of‑concept. The impact is consistent with a high‑severity remote code execution or denial of service if the overflow can be leveraged for malicious code injection.

Affected Systems

Tenda TX9 routers running firmware versions up to 22.03.02.10_multi are affected. The CVE references a single vendor–product pair, Tenda TX9, and the corresponding CPE strings identify the hardware and firmware families.

Risk and Exploitability

The vulnerability scores a CVSS of 8.7, indicating a high severity, while the EPSS score of less than 1% suggests that widespread exploitation is currently unlikely but not impossible. The flaw is not listed in the CISA KEV catalog, but the existence of a public exploit increases the risk of targeted attacks. Given that the attack vector is remote and requires only a crafted HTTP request, an attacker with internet reach to the device’s management interface could trigger the overflow. Without a patch or mitigation in place, the potential consequences include loss of device control or complete network disruption.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tenda

TX9

affected

Version	Status	Constraints
`22.03.02.10_multi`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:tenda:tx9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tenda:tx9:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Tenda	Tx9	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Download and install the latest firmware from Tenda’s official website that addresses the buffer overflow in SetStaticRouteCfg; apply the update as soon as possible.
If a firmware update is not available, block external access to the /goform/SetStaticRouteCfg endpoint and any other unneeded management interfaces via firewall rules or by disabling remote management features.
Restrict privileged management traffic to a small set of trusted IP addresses and isolate the router from production networks using segmentation; if the device remains unpatched, consider replacement.

Generated by OpenCVE AI on April 18, 2026 at 13:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md
https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md#poc
https://vuldb.com/?ctiid.344773
https://vuldb.com/?id.344773
https://vuldb.com/?submit.747249
https://www.tenda.com.cn/

History

Tue, 10 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda tx9 Firmware
CPEs		cpe:2.3:h:tenda:tx9:-:::::::* cpe:2.3:o:tenda:tx9_firmware::::::::
Vendors & Products		Tenda tx9 Firmware

Mon, 09 Feb 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda tx9
Vendors & Products		Tenda Tenda tx9

Sun, 08 Feb 2026 06:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Title		Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md#poc https://vuldb.com/?ctiid.344773 https://vuldb.com/?id.344773 https://vuldb.com/?submit.747249 https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Tenda Tx9 Tx9 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-08T06:02:07.777Z

Updated: 2026-02-23T09:38:51.655Z

Reserved: 2026-02-06T21:02:53.143Z

Link: CVE-2026-2138

Vulnrichment

Updated: 2026-02-10T19:53:49.657Z

NVD

Status : Analyzed

Published: 2026-02-08T06:16:18.093

Modified: 2026-02-10T19:28:57.427

Link: CVE-2026-2138

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:30:45Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object