CVE 8.7 HIGH

Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow_CVE-2026-2139

February 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Buffer overflow vulnerability in Tenda TX9 up to 22.03.02.10_multi via the sub_432580 function in the /goform/fast_setting_wifi_set file, allowing remote attackers to exploit the vulnerability by manipulating the ssid argument.

Basic Information

ID CVE-2026-2139

Source VulDB

Published Feb 8, 2026 at 06:32

Affected Product

Vendor Tenda

Product TX9

Version 22.03.02.10_multi

Affected Versions Tenda TX9 22.03.02.10_multi

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product TX9

Version 22.03.02.10_multi

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2026-02-08T06:32:09.469Z",
    "modified": "2026-02-08T06:32:09.469Z",
    "type": "cve",
    "title": "Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344774\nhttps://vuldb.com/?ctiid.344774\nhttps://vuldb.com/?submit.747250\nhttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_wifi_set.md\nhttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_wifi_set.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-2139",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda TX9 22.03.02.10_multi",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TX9",
    "version": "22.03.02.10_multi",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda TX9 up to 22.03.02.10_multi via the sub_432580 function in the /goform/fast_setting_wifi_set file, allowing remote attackers to exploit the vulnerability by manipulating the ssid argument.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "TX9",
    "ai_version": "22.03.02.10_multi",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply