Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda HG9 Router: Unsecured Functionality Can Be Manipulated Remotely
CVE-2026-2908
Summary
A security issue affects the Tenda HG9 router, allowing attackers to potentially take control of it remotely. This could happen if they exploit a weakness in the router's configuration settings. To stay secure, update your router's firmware as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | hg9_firmware | 300001138 | – |
Original title
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configu...
Original description
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/QIU-DIE/cve-nneeww/issues/10 Exploit Issue Tracking Mitigation Third Party Advisory
- https://vuldb.com/?ctiid.347217 Permissions Required VDB Entry
- https://vuldb.com/?id.347217 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.755202 Third Party Advisory VDB Entry
- https://www.tenda.com.cn/ Product
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026