CVE-2026-2140
Remote Buffer Overflow in Tenda TX9 setMacFilterCfg Function
Publication date: 2026-02-08
Last updated on: 2026-02-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | tx9_firmware | to 22.03.02.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2140 is a critical buffer overflow vulnerability found in the Tenda TX9 router firmware up to version 22.03.02.10_multi. The flaw exists in the function sub_4223E0 within the /goform/setMacFilterCfg endpoint. It occurs when the deviceList parameter is manipulated with crafted input that is not properly validated for length before being copied into a fixed-size buffer. This leads to a stack-based buffer overflow.
Because the input is not checked for size, an attacker can supply an excessively long string that overflows the buffer, potentially overwriting the stack frame and return address. This vulnerability can be exploited remotely without physical access to the device.
The exploit is publicly available and can lead to Denial of Service (DoS) or possibly Remote Code Execution (RCE), allowing an attacker to take control of the device.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including denial of service and remote code execution on the affected Tenda TX9 router. An attacker can exploit the buffer overflow remotely to crash the device or execute arbitrary code.
Successful exploitation compromises the confidentiality, integrity, and availability of the device, potentially allowing attackers to control the router, intercept or manipulate network traffic, and disrupt network services.
Since the exploit is publicly available and easy to execute, the risk of attack is high if the device is exposed to untrusted networks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability is triggered via the HTTP route /goform/setMacFilterCfg by manipulating the deviceList parameter. Detection can focus on monitoring HTTP requests to this endpoint for unusually long or malformed deviceList parameters that could indicate an attempted buffer overflow exploit.
Since the exploit is publicly available and targets the deviceList parameter, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on suspicious POST requests to /goform/setMacFilterCfg containing excessively long deviceList values.
Specific commands to detect this vulnerability are not provided in the resources. However, you can use tools like curl or wget to test the endpoint manually by sending crafted requests to /goform/setMacFilterCfg with long deviceList parameters to verify if the device is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'No known mitigations or countermeasures have been reported for this vulnerability.'}, {'type': 'paragraph', 'content': 'The recommended immediate step is to replace the affected product or avoid exposing the vulnerable endpoint to untrusted networks.'}, {'type': 'paragraph', 'content': "Additionally, restricting access to the router's management interface and monitoring for suspicious activity can help reduce risk until a patch or update is available."}] [4]