Sign-up

ID

VAR-202602-0278


CVE

CVE-2026-2180


TITLE

Shenzhen Tenda Technology Co.,Ltd. of RX3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119

DESCRIPTION

A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2180 // JVNDB: JVNDB-2026-003119

AFFECTED PRODUCTS

vendor:tendamodel:rx3scope:eqversion:16.03.13.11

Trust: 1.0

vendor:tendamodel:rx3scope:eqversion:rx3 firmware 16.03.13.11

Trust: 0.8

vendor:tendamodel:rx3scope:eqversion: -

Trust: 0.8

vendor:tendamodel:rx3scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119 // NVD: CVE-2026-2180

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2180
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003119
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2180
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003119
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2180
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003119
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119 // NVD: CVE-2026-2180

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119 // NVD: CVE-2026-2180

PATCH

title:Tenda  RX3  V16.03.13.11 Stack-based Buffer Overflowurl:https://vuldb.com/?id.344883

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119

EXTERNAL IDS

db:NVDid:CVE-2026-2180

Trust: 2.6

db:VULDBid:344883

Trust: 1.0

db:JVNDBid:JVNDB-2026-003119

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119 // NVD: CVE-2026-2180

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/lx-66-lx/cve-new/issues/4

Trust: 1.8

url:https://vuldb.com/?ctiid.344883

Trust: 1.0

url:https://vuldb.com/?submit.749703

Trust: 1.0

url:https://vuldb.com/?id.344883

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2180

Trust: 0.8

sources: JVNDB: JVNDB-2026-003119 // NVD: CVE-2026-2180

SOURCES

db:JVNDBid:JVNDB-2026-003119
db:NVDid:CVE-2026-2180

LAST UPDATE DATE

2026-02-12T23:43:18.096000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003119date:2026-02-12T07:26:00
db:NVDid:CVE-2026-2180date:2026-02-10T14:43:41.317

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003119date:2026-02-12T00:00:00
db:NVDid:CVE-2026-2180date:2026-02-08T20:15:51.043