CVE-2026-2191

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda AC9 version 15.03.06.42 multi

Description A flaw exists in the Tenda AC9 device. The formGetDdosDefenceList function is susceptible to a stack-based buffer overflow when the security.ddos.map argument is manipulated. This issue can be exploited remotely. The exploit code has been publicly released.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-121

Related Identifiers

BDU:2026-02495

CVE-2026-2191

Affected Products

Tenda Ac9

CVE-2026-2191

Weakness Enumeration

Related Identifiers

Affected Products

References · 11