{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-9429/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-9429"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["F1202 1.2.0.20(408)"],"_cs_severities":["high"],"_cs_tags":["stack-based buffer overflow","router vulnerability","cve-2026-9429"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eCVE-2026-9429 is a stack-based buffer overflow vulnerability affecting Tenda F1202 devices running firmware version 1.2.0.20(408). The vulnerability resides in the \u003ccode\u003eformWrlExtraSet\u003c/code\u003e function within the \u003ccode\u003e/goform/WrlExtraSet\u003c/code\u003e file. A remote attacker can exploit this vulnerability by crafting a malicious request that manipulates the \u003ccode\u003edelno\u003c/code\u003e argument, leading to arbitrary code execution on the affected device. This is particularly concerning as a public exploit is available, increasing the likelihood of exploitation. Successful exploitation allows attackers to compromise the router and potentially gain access to the local network.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Tenda F1202 router running firmware version 1.2.0.20(408).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/goform/WrlExtraSet\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the HTTP request, the attacker includes the \u003ccode\u003edelno\u003c/code\u003e argument with a value exceeding the buffer\u0026rsquo;s capacity in the \u003ccode\u003eformWrlExtraSet\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eformWrlExtraSet\u003c/code\u003e function processes the \u003ccode\u003edelno\u003c/code\u003e argument without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe excessive data provided in the \u003ccode\u003edelno\u003c/code\u003e argument overwrites the stack.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the overflowed buffer.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed, granting the attacker control over the device.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as modifying router settings, intercepting network traffic, or establishing a backdoor for persistent access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9429 allows an attacker to gain complete control over the Tenda F1202 router. This can lead to a variety of malicious activities, including data theft, denial of service, and the establishment of a persistent foothold on the network. Given the availability of a public exploit, organizations and individuals using the affected Tenda F1202 router are at significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates from Tenda to address CVE-2026-9429.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/goform/WrlExtraSet\u003c/code\u003e with abnormally long \u003ccode\u003edelno\u003c/code\u003e arguments, using the Sigma rule \u003ccode\u003eDetect Suspiciously Long delno Parameter in Tenda Routers\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection systems (IDS) rules to detect and block exploitation attempts targeting CVE-2026-9429.\u003c/li\u003e\n\u003cli\u003eReview and restrict access to the router\u0026rsquo;s management interface to trusted IP addresses only.\u003c/li\u003e\n\u003cli\u003eEnable logging on the Tenda router and forward logs to a SIEM for centralized monitoring and analysis.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:08:19Z","date_published":"2026-05-26T14:08:19Z","id":"https://feed.craftedsignal.io/briefs/2026-05-tenda-stack-overflow/","summary":"A stack-based buffer overflow vulnerability (CVE-2026-9429) exists in Tenda F1202 version 1.2.0.20(408) within the formWrlExtraSet function of the /goform/WrlExtraSet file, allowing a remote attacker to execute arbitrary code by manipulating the delno argument; a public exploit is available.","title":"Tenda F1202 Stack-Based Buffer Overflow Vulnerability (CVE-2026-9429)","url":"https://feed.craftedsignal.io/briefs/2026-05-tenda-stack-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-9429","version":"https://jsonfeed.org/version/1.1"}