CVE-2026-2181

HighPublic PoC

Published: 08 February 2026

Published

08 February 2026

Modified

10 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely.…

The exploit has been released to the public and may be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Validates parameters like schedStartTime and schedEndTime at the /goform/openSchedWifi endpoint to prevent stack-based buffer overflows from improper input handling.

SI-16 Memory Protection good match

prevent

Implements memory safeguards such as stack canaries, ASLR, and DEP to protect against exploitation of stack-based buffer overflows leading to arbitrary code execution.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and patching of the specific buffer overflow flaw in Tenda RX3 firmware version 16.03.13.11.

Security SummaryAI

CVE-2026-2181 is a stack-based buffer overflow vulnerability affecting the Tenda RX3 router running firmware version 16.03.13.11. The flaw resides in an unknown functionality of the /goform/openSchedWifi endpoint, where manipulation of the schedStartTime and schedEndTime arguments triggers the overflow. This issue, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), was published on 2026-02-08 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring network access and low attack complexity but no user interaction. Successful exploitation allows high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution on the affected device through the buffer overflow.

Advisories from sources like VulDB (ctiid.344884, id.344884, submit.749710) and a GitHub issue detail the vulnerability and note that a public exploit has been released, increasing the risk of active attacks. The Tenda vendor website (tenda.com.cn) is referenced for further information, though specific patches or mitigations are not detailed in available disclosures; practitioners should verify firmware updates directly from the vendor.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

rx3 firmware

16.03.13.11

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability is a stack-based buffer overflow in a public-facing web endpoint (/goform/openSchedWifi) on a router, enabling remote exploitation (AV:N/AC:L/PR:L) for arbitrary code execution, directly mapping to T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) given PR:L to high-impact RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/LX-66-LX/cve-new/issues/5
Exploit, Issue Tracking · cna@vuldb.com
https://vuldb.com/?ctiid.344884
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.344884
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.749710
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com