CVE-2026-2907
The CVE targets Tenda HG9 (model 300001138) with a vulnerability in the GPON Configuration Endpoint. It exploits an issue in the /boaform/formgponConf handler where manipulating the arguments fmgpon_loid/fmgpon_loid_password triggers a stack-based buffer overflow. This allows remote, unauthentica...