CVE-2026-2140
Analyzed Analyzed - Analysis Complete
Remote Buffer Overflow in Tenda TX9 setMacFilterCfg Function

Publication date: 2026-02-08

Last updated on: 2026-02-10

Assigner: VulDB

Description
A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-08
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2140
EUVD
EUVD-2026-5808
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda tx9_firmware to 22.03.02.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2140 is a critical buffer overflow vulnerability found in the Tenda TX9 router firmware up to version 22.03.02.10_multi. The flaw exists in the function sub_4223E0 within the /goform/setMacFilterCfg endpoint. It occurs when the deviceList parameter is manipulated with crafted input that is not properly validated for length before being copied into a fixed-size buffer. This leads to a stack-based buffer overflow.

Because the input is not checked for size, an attacker can supply an excessively long string that overflows the buffer, potentially overwriting the stack frame and return address. This vulnerability can be exploited remotely without physical access to the device.

The exploit is publicly available and can lead to Denial of Service (DoS) or possibly Remote Code Execution (RCE), allowing an attacker to take control of the device.

Impact Analysis

This vulnerability can have severe impacts including denial of service and remote code execution on the affected Tenda TX9 router. An attacker can exploit the buffer overflow remotely to crash the device or execute arbitrary code.

Successful exploitation compromises the confidentiality, integrity, and availability of the device, potentially allowing attackers to control the router, intercept or manipulate network traffic, and disrupt network services.

Since the exploit is publicly available and easy to execute, the risk of attack is high if the device is exposed to untrusted networks.

Compliance Impact

I don't know

Detection Guidance

The vulnerability is triggered via the HTTP route /goform/setMacFilterCfg by manipulating the deviceList parameter. Detection can focus on monitoring HTTP requests to this endpoint for unusually long or malformed deviceList parameters that could indicate an attempted buffer overflow exploit.

Since the exploit is publicly available and targets the deviceList parameter, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on suspicious POST requests to /goform/setMacFilterCfg containing excessively long deviceList values.

Specific commands to detect this vulnerability are not provided in the resources. However, you can use tools like curl or wget to test the endpoint manually by sending crafted requests to /goform/setMacFilterCfg with long deviceList parameters to verify if the device is vulnerable.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'No known mitigations or countermeasures have been reported for this vulnerability.'}, {'type': 'paragraph', 'content': 'The recommended immediate step is to replace the affected product or avoid exposing the vulnerable endpoint to untrusted networks.'}, {'type': 'paragraph', 'content': "Additionally, restricting access to the router's management interface and monitoring for suspicious activity can help reduce risk until a patch or update is available."}] [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart