CVE-2026-2181

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability exists in Tenda RX3 router firmware version 16.03.13.11. Attackers can remotely exploit this by manipulating the schedStartTime/schedEndTime parameters in the /goform/openSchedWifi endpoint, potentially leading to arbitrary code execution. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:
  • Tenda RX3
Versions: 16.03.13.11
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may or may not be vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers could execute arbitrary code with router privileges, potentially gaining full control of the device, intercepting network traffic, or using it as a foothold for further attacks.

🟠 Likely Case

Remote code execution leading to router compromise, enabling attackers to modify settings, intercept traffic, or deploy malware to connected devices.

🟢 If Mitigated

If properly segmented and monitored, impact could be limited to the router itself without lateral movement to other network segments.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers with the vulnerable firmware.
🏢 Internal Only: MEDIUM - While still exploitable from internal networks, the attack surface is reduced compared to internet exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, making this relatively easy to weaponize for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

  1. Check Tenda website for firmware updates.
  2. Download latest firmware for RX3.
  3. Upload via router admin interface.
  4. Apply update and restart router.

🔧 Temporary Workarounds

  • Disable remote administration (applies to: all): Prevent external access to router administration interface
  • Network segmentation (applies to: all): Isolate router management interface to separate VLAN

🧯 If You Can't Patch

  • Replace affected router with different model/brand
  • Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if version is 16.03.13.11, device is vulnerable.

Check Version:

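Check via router web interface, or over SSH if available: cat /proc/version or similar firmware version command. Note that cat /proc/version reports the kernel build string, so compare the firmware version shown in the admin interface against 16.03.13.11.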

Verify Fix Applied:

Verify firmware version has been updated to a version later than 16.03.13.11.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /goform/openSchedWifi with manipulated parameters
  • Router crash/restart logs

Network Indicators:

  • Exploit traffic patterns targeting router management interface
  • Unusual outbound connections from router

SIEM Query:

dest_ip=router AND url_path="/goform/openSchedWifi" AND (param="schedStartTime" OR param="schedEndTime")
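
The query above matches every request to the endpoint, including legitimate schedule changes. The following added example (not part of the original advisory or any vendor tooling) narrows it to requests whose schedStartTime/schedEndTime values look manipulated. It assumes a legitimate value is a short HH:MM string and that parameters arrive in the query string or a urlencoded body; MAX_LEN, the sample requests and the "other" parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/openSchedWifi"             # endpoint named in the advisory
WATCHED = ("schedStartTime", "schedEndTime")   # parameters named in the advisory
# Assumption: a legitimate schedule time is a short HH:MM string.
TIME_RE = re.compile(r"([01]?\d|2[0-3]):[0-5]\d")
MAX_LEN = 8                                    # assumption: generous bound for HH:MM


def inspect_request(method, target, body=""):
    """Return findings for one HTTP request; an empty list means nothing suspicious."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    # Merge parameters from the query string and a urlencoded body.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    findings = []
    for name in WATCHED:
        for value in params.get(name, []):
            if len(value) > MAX_LEN:
                # Report the length only, never echo an oversized value into logs.
                findings.append(f"{name}: length {len(value)} exceeds {MAX_LEN}")
            elif not TIME_RE.fullmatch(value):
                findings.append(f"{name}: not HH:MM ({value!r})")
    return findings


# Constructed sample requests: (method, request target, urlencoded body).
SAMPLES = [
    ("POST", ENDPOINT, "other=1&schedStartTime=22:00&schedEndTime=06:30"),
    ("POST", ENDPOINT, "schedStartTime=" + "A" * 300 + "&schedEndTime=06:30"),
    ("GET", ENDPOINT + "?schedEndTime=25:99", ""),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        for finding in inspect_request(method, target, body):
            print(f"ALERT {method} {urlsplit(target).path} {finding}")
```

Correlating these alerts with the router crash/restart logs listed above raises confidence that a request was an exploitation attempt rather than a malformed client.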
