CVE-2026-2192 — AI Deep Analysis Summary

🚨 **Stack-based buffer overflow** in Tenda AC9’s `formGetRebootTimer` function. 📌 Attackers can crash device or execute arbitrary code via malformed reboot schedule params. 💥 Remote, high-impact.

🔍 **CWE-121**: Improperly bounded buffer. 📦 `sys.schedulereboot.start_time`/`end_time` params not validated → overflow stack buffer. 🧩 Classic buffer overflow flaw.

🔌 **Tenda AC9** firmware **v15.03.06.42_multi**. 📦 Affects `formGetRebootTimer` function. 📌 No other versions listed in data.

🔓 **Remote code execution (RCE)**. 🧠 Can gain full control: read/write data, hijack device, pivot to network. 🎯 High privilege escalation potential.

🔐 **High privilege required?** No. 🚫 But **authentication needed** (PR:H). 📡 Exploitation requires valid session (e.g., logged-in admin).

💻 **Public exploit exists!** 📚 PoC in GitHub repo: [IoT-Vulnerability/tenda4.md](https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda4.md). 🌐 Also reported in VulDB as exploited.

🔍 **Check firmware version**: Log into router → Admin panel → About. 📌 Look for **v15.03.06.42_multi**. 🧪 Use network scanners (e.g., Nmap) for Tenda AC9 devices.

🛡️ **No official patch mentioned**. 📄 Vendor site (tenda.com.cn) listed but no advisory found in data. ❌ Mitigation not confirmed.

🛠️ **Workaround**: Disable remote management. 🔒 Change admin password. 🚫 Avoid exposing router to internet. 📊 Monitor logs for unusual reboot attempts.

⚠️ **URGENT!** 🚨 CVSS 9.8 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 💣 Public exploit + RCE risk. 📈 Patch ASAP or isolate device.