Tenda Tx9 Firmware vulnerabilities

CVE-2026-2139 [HIGH] CWE-119 CVE-2026-2139: A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-2140 [HIGH] CWE-119 CVE-2026-2140: A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the f A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

CVE-2026-2138 [HIGH] CWE-119 CVE-2026-2138: A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

CVE-2023-47422 [HIGH] CWE-284 CVE-2023-47422: An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.