CVE-2026-2140
📋 TL;DR
A buffer overflow vulnerability exists in Tenda TX9 routers through firmware version 22.03.02.10_multi. Attackers can remotely exploit this vulnerability by sending specially crafted requests to the /goform/setMacFilterCfg endpoint, potentially allowing arbitrary code execution. This affects all users running vulnerable firmware versions.
💻 Affected Systems
- Tenda TX9
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote attackers could execute arbitrary code with router privileges, potentially taking full control of the device, intercepting network traffic, or using it as a foothold for further attacks.
Likely Case
Remote code execution leading to device compromise, network traffic interception, or denial of service.
If Mitigated
If properly patched or isolated, the risk is eliminated; with workarounds, risk is reduced but not eliminated.
🎯 Exploit Status
Public proof-of-concept exploit is available, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: Yes
Instructions:
Check Tenda's official website or support channels for firmware updates. If an update is available, download and install it following vendor instructions, then reboot the router.
🔧 Temporary Workarounds
Disable remote administration
Platform: all. Prevents external attackers from accessing the vulnerable endpoint by disabling remote management features.
Access router admin panel → Advanced Settings → Remote Management → Disable
Block access to vulnerable endpoint
Platform: Linux. Use firewall rules to block access to /goform/setMacFilterCfg from untrusted networks.
iptables -A INPUT -p tcp --dport 80 -m string --string "/goform/setMacFilterCfg" --algo bm -j DROP
🧯 If You Can't Patch
- Isolate affected routers in a separate network segment with strict firewall rules
- Monitor network traffic for unusual requests to /goform/setMacFilterCfg
🔍 How to Verify
Check if Vulnerable:
Check router firmware version via admin panel (typically at 192.168.0.1 or 192.168.1.1) → System Status → Firmware Version
Check Version:
curl -s http://router-ip/goform/getStatus | grep version
Verify Fix Applied:
Verify firmware version is above 22.03.02.10_multi after update
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /goform/setMacFilterCfg with long deviceList parameters
- Router crash or reboot logs
Network Indicators:
- Unusual traffic patterns to router administration interface from external IPs
- HTTP requests with oversized deviceList parameters
SIEM Query:
source="router_logs" AND uri="/goform/setMacFilterCfg" AND (content_length>1000 OR user_agent="exploit")
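The log indicators above can also be checked offline. The following is an added example, not part of the original advisory or any vendor tooling: it scans request records for POSTs to /goform/setMacFilterCfg with an oversized deviceList value and for sources that hit the endpoint repeatedly. The JSON-lines record layout (src, method, uri, body), the 1000-byte threshold (borrowed from the SIEM query above) and the repeat count of 3 are assumptions.

```python
import json
from collections import Counter
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/setMacFilterCfg"  # endpoint named in the advisory
MAX_DEVICELIST = 1000  # assumed threshold, mirrors content_length>1000 in the SIEM query
BURST = 3              # assumed: POSTs per source that count as "multiple"

def find_suspicious(lines):
    """Return (alerts, noisy_sources) for JSON-lines request records."""
    alerts, per_src = [], Counter()
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        # Compare the path only, so a query string cannot hide the endpoint.
        if urlsplit(str(rec.get("uri", ""))).path != ENDPOINT:
            continue
        src = rec.get("src", "?")
        per_src[src] += 1
        params = parse_qs(str(rec.get("body", "")), keep_blank_values=True)
        # A parameter may be repeated; measure the longest occurrence.
        longest = max((len(v) for v in params.get("deviceList", [])), default=0)
        if longest > MAX_DEVICELIST:
            alerts.append({"line": n, "src": src, "deviceList_len": longest})
    noisy = sorted(s for s, c in per_src.items() if c >= BURST)
    return alerts, noisy

def _rec(src, method, uri, body=""):
    return json.dumps({"src": src, "method": method, "uri": uri, "body": body})

# Constructed sample records (documentation IP ranges, filler values).
SAMPLE = [
    _rec("192.0.2.10", "POST", ENDPOINT, "deviceList=" + "x" * 2000),
    _rec("198.51.100.7", "POST", ENDPOINT, "deviceList=example-entry"),
    _rec("198.51.100.7", "GET", "/index.html"),
    _rec("192.0.2.10", "POST", ENDPOINT + "?t=1", "deviceList=" + "x" * 1500),
    _rec("192.0.2.10", "POST", ENDPOINT, "deviceList=example-entry"),
    "not json at all",
]

if __name__ == "__main__":
    found, repeat_sources = find_suspicious(SAMPLE)
    for alert in found:
        print("oversized deviceList:", alert)
    print("sources with repeated POSTs:", repeat_sources)
```

Tune MAX_DEVICELIST against normal MAC filter updates on your own network before alerting on it.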
🔗 References
- https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md
- https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md#poc
- https://vuldb.com/?ctiid.344775
- https://vuldb.com/?id.344775
- https://vuldb.com/?submit.747251
- https://vuldb.com/?submit.749747
- https://www.tenda.com.cn/