Hg9 Firmware
CVE-2026-2907
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
AnalysisAI
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the GPON configuration endpoint allows authenticated attackers to achieve full system compromise through manipulation of LOID parameters. Public exploit code exists for this vulnerability, increasing the risk of active exploitation in deployed devices. No patch is currently available, making network segmentation and access controls critical for mitigation.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects Hg9 Firmware. A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in Hg9 Firmware
View allTenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Stack-based buffer overflow in Tenda HG9 firmware's pingAddr parameter allows unauthenticated remote attackers to achiev
Stack-based buffer overflow in the Diagnostic Ping Endpoint of Tenda HG9 firmware allows unauthenticated remote attacker
Stack-based buffer overflow in Tenda HG9 firmware's loopback detection endpoint allows remote attackers with valid crede
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authent
Stack buffer overflow in Tenda HG9 firmware's wireless configuration endpoint allows authenticated remote attackers to a
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today