CVE-2026-2905 – Tenda HG9 Wireless Configuration Endpoint formWlanSetup stack-based overflow

CVE ID : CVE-2026-2905

Published : Feb. 22, 2026, 2:16 a.m. | 48 minutes ago

Description : A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…