CVE-2026-2910 is a stack-based buffer overflow vulnerability identified in the Tenda HG9 router firmware version 300001138. The vulnerability resides in the code handling the /boaform/formPing6 endpoint, specifically in the processing of the pingAddr argument. By crafting a malicious request that manipulates this argument, an attacker can overflow the stack buffer, potentially overwriting critical memory regions. This can lead to arbitrary code execution, allowing the attacker to gain control over the device, or cause a denial of service by crashing the router. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly dangerous. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no exploits are currently reported in the wild, the availability of exploit code increases the risk of imminent attacks. The Tenda HG9 router is commonly deployed in residential and small business environments, often with limited security monitoring, which further exacerbates the threat. The lack of an official patch or mitigation guidance at the time of publication necessitates immediate defensive measures to reduce exposure.

The impact of CVE-2026-2910 is significant for organizations and individuals using the Tenda HG9 router. Successful exploitation can lead to full compromise of the device, enabling attackers to intercept, modify, or disrupt network traffic, pivot into internal networks, or launch further attacks. Confidential information passing through the router can be exposed or altered, undermining data integrity and privacy. The availability of the network can be disrupted by causing router crashes or reboots, leading to denial of service. Given the router's role as a network gateway, this vulnerability can serve as a critical entry point for attackers targeting home users, small businesses, or branch offices. The ease of remote exploitation without authentication increases the attack surface and potential for widespread abuse. The absence of patches or vendor guidance at the time of disclosure means many devices remain vulnerable, raising the risk of exploitation in the near term.

1. Immediately restrict access to the Tenda HG9 router management interfaces by disabling remote management features and limiting access to trusted IP addresses only. 2. Implement network segmentation to isolate the router from critical internal systems and sensitive data. 3. Monitor network traffic for unusual requests targeting the /boaform/formPing6 endpoint or abnormal pingAddr parameter usage. 4. Apply any available firmware updates or patches from Tenda as soon as they are released. 5. If patches are not available, consider replacing vulnerable devices with alternative routers from vendors with active security support. 6. Employ intrusion detection/prevention systems (IDS/IPS) to detect and block exploit attempts targeting this vulnerability. 7. Educate users and administrators about the risks and signs of compromise related to this vulnerability. 8. Regularly audit router configurations and logs to identify potential exploitation attempts or unauthorized changes.