CVE-2026-2138 – A buffer overflow vulnerability in Tenda TX9 ro... (How to Fix)

Q: What is the severity of CVE-2026-2138?

CVE-2026-2138 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda TX9 routers allows remote attackers to execute arbitrary code by manipulating the list argument in the SetStaticRouteCfg function. This affects Tenda TX9 routers up to firmware version 22.03.02.10_multi. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A buffer overflow vulnerability in Tenda TX9 routers allows remote attackers to execute arbitrary code by manipulating the list argument in the SetStaticRouteCfg function. This affects Tenda TX9 routers up to firmware version 22.03.02.10_multi. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda TX9

Versions: Up to and including 22.03.02.10_multi

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations with the vulnerable firmware version are affected. The vulnerable endpoint is accessible via web interface.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, botnet enrollment, or network pivot attacks.

🟠

Likely Case

Remote code execution allowing attackers to install malware, modify configurations, or disrupt network services.

🟢

If Mitigated

Denial of service or temporary disruption if exploit attempts are blocked but not patched.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing router interfaces.

🏢 Internal Only: MEDIUM - Could be exploited from internal networks if devices are accessible.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept exploit code is publicly available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via router web interface. 3. Reboot router after installation.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Access router web interface > Advanced > System Tools > Remote Management > Disable

Network segmentation

all

Isolate router management interface from untrusted networks

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

Replace affected routers with different models or brands
Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface: Login > Advanced > System Tools > Firmware Upgrade

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is newer than 22.03.02.10_multi

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SetStaticRouteCfg
Large payloads in router logs
Multiple failed exploit attempts

Network Indicators:

Unusual traffic patterns to router management interface
Exploit payload patterns in network traffic

SIEM Query:

source="router_logs" AND uri="/goform/SetStaticRouteCfg" AND (payload_size>1000 OR contains(list, "overflow"))

📊 Metadata

CVE ID: CVE-2026-2138

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.08% exploit probability (24.3th percentile)

Published: February 8, 2026

Last Updated: February 9, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2138, you might also want to check these: