CVE 8.7 HIGH

Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow_CVE-2026-2140

February 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

AI Analysis

Buffer overflow vulnerability in Tenda TX9 up to 22.03.02.10_multi via the setMacFilterCfg function, allowing remote attacks

Basic Information

ID CVE-2026-2140

Source VulDB

Published Feb 8, 2026 at 07:02

Affected Product

Vendor Tenda

Product TX9

Version 22.03.02.10_multi

Affected Versions Tenda TX9 22.03.02.10_multi

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product TX9

Version 22.03.02.10_multi

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.",
    "published": "2026-02-08T07:02:07.944Z",
    "modified": "2026-02-08T07:02:07.944Z",
    "type": "cve",
    "title": "Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344775\nhttps://vuldb.com/?ctiid.344775\nhttps://vuldb.com/?submit.747251\nhttps://vuldb.com/?submit.749747\nhttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md\nhttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-2140",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda TX9 22.03.02.10_multi",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TX9",
    "version": "22.03.02.10_multi",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda TX9 up to 22.03.02.10_multi via the setMacFilterCfg function, allowing remote attacks",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "TX9",
    "ai_version": "22.03.02.10_multi",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply