CVE-2026-2909

Name of the Vulnerable Software and Affected Versions Tenda HG9 version 300001138

Description A security flaw exists in the Tenda HG9 router's Diagnostic Ping component. The issue stems from a stack-based buffer overflow caused by improper handling of input in the pingAddr argument of the /boaform/formPing endpoint. This allows a remote attacker to potentially execute arbitrary code, cause a denial of service, or compromise the device. The exploit for this issue is publicly available.

Recommendations Versions prior to 300001139 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.