Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda HG9: Remote Attack Possible via Samba Configuration Setting
CVE-2026-2906
Summary
Tenda's HG9 router has a security weakness that could allow hackers to launch a remote attack by manipulating a specific setting in the Samba configuration. This could potentially allow unauthorized access to the router. To mitigate this risk, update the router's firmware to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | hg9_firmware | 300001138 | – |
Original title
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the arg...
Original description
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/QIU-DIE/cve-nneeww/issues/8 Exploit Issue Tracking Mitigation Third Party Advisory
- https://vuldb.com/?ctiid.347215 Permissions Required VDB Entry
- https://vuldb.com/?id.347215 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.755193 Third Party Advisory VDB Entry
- https://www.tenda.com.cn/ Product
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026