Sign-up

ID

VAR-202602-0369


CVE

CVE-2026-2181


TITLE

Shenzhen Tenda Technology Co.,Ltd. of RX3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118

DESCRIPTION

A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. Exploits have been publicly released and may be used in attacks.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely

Trust: 1.62

sources: NVD: CVE-2026-2181 // JVNDB: JVNDB-2026-003118

AFFECTED PRODUCTS

vendor:tendamodel:rx3scope:eqversion:16.03.13.11

Trust: 1.0

vendor:tendamodel:rx3scope:eqversion:rx3 firmware 16.03.13.11

Trust: 0.8

vendor:tendamodel:rx3scope:eqversion: -

Trust: 0.8

vendor:tendamodel:rx3scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118 // NVD: CVE-2026-2181

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2181
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003118
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2181
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003118
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2181
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003118
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118 // NVD: CVE-2026-2181

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118 // NVD: CVE-2026-2181

PATCH

title:Tenda RX3 V16.03.13.11 Stack-based Buffer Overflowurl:https://vuldb.com/?id.344884

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118

EXTERNAL IDS

db:NVDid:CVE-2026-2181

Trust: 2.6

db:VULDBid:344884

Trust: 1.0

db:JVNDBid:JVNDB-2026-003118

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118 // NVD: CVE-2026-2181

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/lx-66-lx/cve-new/issues/5

Trust: 1.8

url:https://vuldb.com/?ctiid.344884

Trust: 1.0

url:https://vuldb.com/?id.344884

Trust: 1.0

url:https://vuldb.com/?submit.749710

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2181

Trust: 0.8

sources: JVNDB: JVNDB-2026-003118 // NVD: CVE-2026-2181

SOURCES

db:JVNDBid:JVNDB-2026-003118
db:NVDid:CVE-2026-2181

LAST UPDATE DATE

2026-02-12T23:36:48.213000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003118date:2026-02-12T07:26:00
db:NVDid:CVE-2026-2181date:2026-02-10T14:43:33.757

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003118date:2026-02-12T00:00:00
db:NVDid:CVE-2026-2181date:2026-02-08T20:15:51.217