CVE-2026-2138
Remote Buffer Overflow in Tenda TX9 /goform/SetStaticRouteCfg
Publication date: 2026-02-08
Last updated on: 2026-02-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | tx9_firmware | to 22.03.02.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2138 is a buffer overflow vulnerability found in the Tenda TX9 router firmware up to version 22.03.02.10_multi. It occurs in the function sub_42D03C within the /goform/SetStaticRouteCfg file. The vulnerability arises because the argument list passed to this function is improperly handled, allowing an attacker to overflow a buffer by sending crafted input that exceeds the expected size.
This buffer overflow can be triggered remotely without requiring physical or local access to the device. The exploit has been publicly disclosed, making it easier for attackers to leverage this vulnerability.
How can this vulnerability impact me? :
This vulnerability can have serious impacts on the affected device and its users. Because it is a buffer overflow, an attacker can exploit it to execute arbitrary code remotely, potentially taking full control of the device.
The impacts include compromising the confidentiality, integrity, and availability of the device. An attacker could disrupt network services, steal sensitive information, or use the device as a foothold for further attacks.
Additionally, the exploit is publicly available, which increases the risk of widespread attacks. There are no known mitigations reported, so replacing the affected product is recommended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring network traffic for HTTP requests targeting the endpoint /goform/SetStaticRouteCfg on Tenda TX9 routers running vulnerable firmware versions.'}, {'type': 'paragraph', 'content': 'Specifically, detection involves identifying unusual or malformed argument lists sent to this endpoint that could trigger the buffer overflow.'}, {'type': 'paragraph', 'content': 'Since the exploit is publicly available, scanning for HTTP POST requests to /goform/SetStaticRouteCfg with suspicious payloads can help detect exploitation attempts.'}, {'type': 'list_item', 'content': 'Use network monitoring tools like tcpdump or Wireshark to capture HTTP traffic and filter for requests to /goform/SetStaticRouteCfg.'}, {'type': 'list_item', 'content': "Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/SetStaticRouteCfg'"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint manually by sending crafted requests to see if the device responds abnormally.'}] [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
There are no known mitigations or countermeasures reported for this vulnerability.
The recommended immediate step is to replace the affected Tenda TX9 device with an alternative product that is not vulnerable.
Additionally, restricting network access to the device, especially blocking external HTTP access to the /goform/SetStaticRouteCfg endpoint, can reduce exposure.
Monitoring for exploitation attempts and applying network-level protections such as firewalls or intrusion detection systems may help mitigate risk until replacement.