Primary

Context

Tenda TX9 Buffer Overflow Vulnerability in MAC Filter Configuration

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda TX9 router, specifically in the 'setMacFilterCfg' function of the firmware version 22.03.02.10_multi. This vulnerability allows for remote exploitation by manipulating the 'deviceList' parameter, leading to potential denial-of-service conditions or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can overwrite the return address of the function, potentially leading to arbitrary code execution or a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/setMacFilterCfg' endpoint with a crafted 'deviceList' parameter. The parameter should be a string that exceeds 160 bytes, including a carriage return character, to exploit the buffer overflow.

Added: Feb 8, 2026, 7:19 AM

Updated: Feb 8, 2026, 7:19 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

2.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

2.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda TX9 Buffer Overflow Vulnerability in MAC Filter Configuration

Vulnerability

Impact

Reproduction

Affected Products

Tenda TX9

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating