CVE-2026-2138
Analyzed Analyzed - Analysis Complete
Remote Buffer Overflow in Tenda TX9 /goform/SetStaticRouteCfg

Publication date: 2026-02-08

Last updated on: 2026-02-10

Assigner: VulDB

Description
A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-08
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2138
EUVD
EUVD-2026-5810
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda tx9_firmware to 22.03.02.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2138 is a buffer overflow vulnerability found in the Tenda TX9 router firmware up to version 22.03.02.10_multi. It occurs in the function sub_42D03C within the /goform/SetStaticRouteCfg file. The vulnerability arises because the argument list passed to this function is improperly handled, allowing an attacker to overflow a buffer by sending crafted input that exceeds the expected size.

This buffer overflow can be triggered remotely without requiring physical or local access to the device. The exploit has been publicly disclosed, making it easier for attackers to leverage this vulnerability.

Impact Analysis

This vulnerability can have serious impacts on the affected device and its users. Because it is a buffer overflow, an attacker can exploit it to execute arbitrary code remotely, potentially taking full control of the device.

The impacts include compromising the confidentiality, integrity, and availability of the device. An attacker could disrupt network services, steal sensitive information, or use the device as a foothold for further attacks.

Additionally, the exploit is publicly available, which increases the risk of widespread attacks. There are no known mitigations reported, so replacing the affected product is recommended.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring network traffic for HTTP requests targeting the endpoint /goform/SetStaticRouteCfg on Tenda TX9 routers running vulnerable firmware versions.'}, {'type': 'paragraph', 'content': 'Specifically, detection involves identifying unusual or malformed argument lists sent to this endpoint that could trigger the buffer overflow.'}, {'type': 'paragraph', 'content': 'Since the exploit is publicly available, scanning for HTTP POST requests to /goform/SetStaticRouteCfg with suspicious payloads can help detect exploitation attempts.'}, {'type': 'list_item', 'content': 'Use network monitoring tools like tcpdump or Wireshark to capture HTTP traffic and filter for requests to /goform/SetStaticRouteCfg.'}, {'type': 'list_item', 'content': "Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/SetStaticRouteCfg'"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint manually by sending crafted requests to see if the device responds abnormally.'}] [1, 2, 3]

Mitigation Strategies

There are no known mitigations or countermeasures reported for this vulnerability.

The recommended immediate step is to replace the affected Tenda TX9 device with an alternative product that is not vulnerable.

Additionally, restricting network access to the device, especially blocking external HTTP access to the /goform/SetStaticRouteCfg endpoint, can reduce exposure.

Monitoring for exploitation attempts and applying network-level protections such as firewalls or intrusion detection systems may help mitigate risk until replacement.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2138. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart