CVE-2026-2180

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability exists in Tenda RX3 routers version 16.03.13.11. Attackers can remotely exploit this by manipulating the ssid_5g parameter in the /goform/fast_setting_wifi_set endpoint, potentially leading to arbitrary code execution. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:
  • Tenda RX3
Versions: 16.03.13.11
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware version are vulnerable. The vulnerability is in the web management interface component.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote attackers achieve unauthenticated remote code execution with root privileges, enabling complete device takeover, network compromise, and lateral movement into connected networks.
🟠 Likely Case: Remote code execution leading to device compromise, credential theft, DNS hijacking, or botnet enrollment.
🟢 If Mitigated: Denial of service or device crash if exploit fails or is blocked by network controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, and affected routers are typically internet-facing devices.
🏢 Internal Only: MEDIUM - If routers are not exposed to the internet, risk is reduced but still present from internal threats or compromised devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

  1. Check Tenda website for firmware updates.
  2. Download latest firmware for RX3 model.
  3. Log into router admin interface.
  4. Navigate to firmware upgrade section.
  5. Upload and apply new firmware.
  6. Reboot router after update completes.

🔧 Temporary Workarounds

  • Disable Remote Management (all): Prevent external access to router web interface
  • Network Segmentation (all): Isolate router management interface to trusted network

🧯 If You Can't Patch

  • Replace affected routers with different models or brands
  • Implement strict network firewall rules blocking access to ports 80/443 on the router's WAN interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is exactly 16.03.13.11, device is vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Version page

Verify Fix Applied:

After firmware update, verify version has changed from 16.03.13.11 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/fast_setting_wifi_set with long ssid_5g parameters
  • Router crash/reboot logs
  • Failed authentication attempts to admin interface

Network Indicators:

  • Unusual outbound connections from router
  • DNS queries to suspicious domains
  • Port scanning originating from router

SIEM Query:

source="router_logs" AND ((uri="/goform/fast_setting_wifi_set" AND param_length(ssid_5g)>100) OR (event="device_reboot" AND reason="crash"))
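
The first log indicator above as offline detection logic in Python; this is an added example, not code from the advisory or from Tenda. The JSON-lines log format (fields ts, src, method, uri, body), the sample lines and the /goform/other path are assumptions, and the length is measured after percent-decoding so an encoded value is not miscounted.

```python
import json
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/fast_setting_wifi_set"  # endpoint named in the advisory
PARAM = "ssid_5g"                              # parameter named in the advisory
MAX_LEN = 100  # threshold used by the page's SIEM query; an 802.11 SSID is at most 32 octets

def param_lengths(rec):
    """Decoded byte length of every ssid_5g value in the query string and form body."""
    raw = [urlsplit(rec.get("uri", "")).query, rec.get("body", "")]
    lengths = []
    for part in raw:
        # latin-1 maps each percent-decoded byte to one character, so len() counts bytes
        pairs = parse_qsl(part, keep_blank_values=True, encoding="latin-1")
        lengths += [len(v) for k, v in pairs if k == PARAM]
    return lengths

def scan(lines, max_len=MAX_LEN):
    """Return (ts, src, length) for each POST to TARGET_PATH with an oversized ssid_5g."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        if urlsplit(rec.get("uri", "")).path != TARGET_PATH:
            continue
        longest = max(param_lengths(rec), default=0)
        if longest > max_len:
            hits.append((rec.get("ts"), rec.get("src"), longest))
    return hits

def _line(ts, src, uri, body):
    return json.dumps({"ts": ts, "src": src, "method": "POST", "uri": uri, "body": body})

# Constructed sample input: hypothetical JSON-lines request log, not real traffic
SAMPLE = [
    _line("t1", "192.0.2.10", TARGET_PATH, "ssid=Home&ssid_5g=Home_5G"),
    _line("t2", "198.51.100.7", TARGET_PATH, "ssid=Home&ssid_5g=" + "A" * 300),
    _line("t3", "198.51.100.7", TARGET_PATH, "ssid_5g=" + "%41" * 40),
    _line("t4", "192.0.2.10", "/goform/other", "ssid_5g=" + "A" * 300),
    "truncated {not json",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Calling scan(lines, max_len=32) applies the 802.11 SSID limit instead of the page's threshold and also flags values that are invalid as an SSID but shorter than 100 bytes.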
