Primary

Context

Tenda TX9 Buffer Overflow Vulnerability in Static Route Configuration

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda TX9 Pro router, specifically in version 22.03.02.10_multi. The issue arises in the function sub_42D03C within the file /goform/SetStaticRouteCfg. The vulnerability can be exploited remotely by manipulating the argument list, leading to potential denial-of-service conditions or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to stack corruption. This type of memory corruption vulnerability commonly allows for arbitrary code execution or causing the device to crash, creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/SetStaticRouteCfg endpoint. The request must include a 'list' parameter with a payload that exceeds the buffer's capacity, such as a string of repeated characters. This can be done using a script or a tool that allows for the manipulation of HTTP request data.

Added: Feb 8, 2026, 6:19 AM

Updated: Feb 8, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

8.5

remediation

0.0

relevance

2.6

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

8.5

remediation

0.0

relevance

2.6

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda TX9 Buffer Overflow Vulnerability in Static Route Configuration

Vulnerability

Impact

Reproduction

Affected Products

Tenda TX9

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating