HIGHCVE-2026-2140Published 2026-02-08Modified 2026-02-23CNA VulDB

CVE-2026-2140: Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow

A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Tenda / TX9
22.03.02.10_multi

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-344775 | Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow
VDB-344775 | CTI Indicators (IOB, IOC, IOA)
Submit #747251 | Tenda TX9 V22.03.02.10_multi Buffer Overflow
Submit #749747 | Tenda TX9 V22.03.02.18 Stack-based Buffer Overflow (Duplicate)
github.com
github.com
tenda.com.cn

Metrics