CVE 8.7 HIGH

Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow_CVE-2026-2138

February 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

AI Analysis

Buffer overflow vulnerability in Tenda TX9 up to 22.03.02.10_multi via the SetStaticRouteCfg function, allowing remote attacks.

Basic Information

ID CVE-2026-2138

Source VulDB

Published Feb 8, 2026 at 06:02

Affected Product

Vendor Tenda

Product TX9

Version 22.03.02.10_multi

Affected Versions Tenda TX9 22.03.02.10_multi

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product TX9

Version 22.03.02.10_multi

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.",
    "published": "2026-02-08T06:02:07.777Z",
    "modified": "2026-02-08T06:02:07.777Z",
    "type": "cve",
    "title": "Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344773\nhttps://vuldb.com/?ctiid.344773\nhttps://vuldb.com/?submit.747249\nhttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md\nhttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-2138",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda TX9 22.03.02.10_multi",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TX9",
    "version": "22.03.02.10_multi",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda TX9 up to 22.03.02.10_multi via the SetStaticRouteCfg function, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "TX9",
    "ai_version": "22.03.02.10_multi",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply