Description
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
Published: 2026-02-22
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate patch
AI Analysis

Impact

A stack-based buffer overflow exists in the Wireless Configuration Endpoint of the Tenda HG9 router. The vulnerability is triggered by manipulating the ssid argument sent to /boaform/formWlanSetup, causing the stack to be corrupted. The flaw can be exploited to execute arbitrary code or crash the device, thereby compromising confidentiality, integrity, and availability.

Affected Systems

Tenda HG9 routers with firmware 300001138 are affected. No other vendors or product versions are listed.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity, while the EPSS score is below 1% and the vulnerability is not in the CISA KEV catalog. The attack vector is remote and the exploit is publicly available, so an attacker can target the device over the local network or through remote wireless access. Due to the low EPSS but high severity, the risk is moderate to high for exposed environments.

Generated by OpenCVE AI on April 17, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest official firmware for the Tenda HG9 router from the manufacturer’s website.
  • Configure the router or firewall to block or restrict access to the /boaform/formWlanSetup endpoint, limiting remote configuration exposure.
  • Continuously monitor router logs and network traffic for abnormal SSID configuration requests or signs of exploitation attempts.

Generated by OpenCVE AI on April 17, 2026 at 16:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda hg9 Firmware
CPEs cpe:2.3:h:tenda:hg9:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:hg9_firmware:300001138:*:*:*:*:*:*:*
Vendors & Products Tenda hg9 Firmware

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda hg9
Vendors & Products Tenda
Tenda hg9

Sun, 22 Feb 2026 01:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
Title Tenda HG9 Wireless Configuration Endpoint formWlanSetup stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda Hg9 Hg9 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T19:13:59.154Z

Reserved: 2026-02-20T20:14:32.380Z

Link: CVE-2026-2905

cve-icon Vulnrichment

Updated: 2026-02-23T19:13:14.208Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-22T02:16:56.380

Modified: 2026-02-23T20:22:10.010

Link: CVE-2026-2905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T16:45:15Z

Weaknesses