Tenda Hg9 vulnerabilities

CVE-2026-2907 [HIGH] CWE-119 CVE-2026-2907: A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit

CVE-2026-2905 [HIGH] CWE-119 CVE-2026-2905: A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVE-2026-2908 [HIGH] CWE-119 CVE-2026-2908: A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some un A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been dis

CVE-2026-2906 [HIGH] CWE-119 CVE-2026-2906: A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the f A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for at

CVE-2026-2910 [HIGH] CWE-119 CVE-2026-2910: A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /b A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

CVE-2026-2909 [HIGH] CWE-119 CVE-2026-2909: A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boafo A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.