CVE-2026-2909 – Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow

CVE ID : CVE-2026-2909

Published : Feb. 22, 2026, 2:16 a.m. | 48 minutes ago

Description : A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…