CVE-2026-2906
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authenticated attackers to achieve complete system compromise through manipulation of the sambaCap parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda HG9 devices in your environment and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the vulnerable /boaform/formSamba endpoint and monitor for exploitation attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today