CVE-2026-2181

HighPublic PoC

Published: 08 February 2026

Published

08 February 2026

Modified

10 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2181 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Rx3 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Validates parameters like schedStartTime and schedEndTime at the /goform/openSchedWifi endpoint to prevent stack-based buffer overflows from improper input handling.

SI-16 Memory Protection good match

prevent

Implements memory safeguards such as stack canaries, ASLR, and DEP to protect against exploitation of stack-based buffer overflows leading to arbitrary code execution.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and patching of the specific buffer overflow flaw in Tenda RX3 firmware version 16.03.13.11.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability is a stack-based buffer overflow in a public-facing web endpoint (/goform/openSchedWifi) on a router, enabling remote exploitation (AV:N/AC:L/PR:L) for arbitrary code execution, directly mapping to T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) given PR:L to high-impact RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely.…

The exploit has been released to the public and may be used for attacks.

Deeper analysisAI

CVE-2026-2181 is a stack-based buffer overflow vulnerability affecting the Tenda RX3 router running firmware version 16.03.13.11. The flaw resides in an unknown functionality of the /goform/openSchedWifi endpoint, where manipulation of the schedStartTime and schedEndTime arguments triggers the overflow. This issue, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), was published on 2026-02-08 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring network access and low attack complexity but no user interaction. Successful exploitation allows high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution on the affected device through the buffer overflow.

Advisories from sources like VulDB (ctiid.344884, id.344884, submit.749710) and a GitHub issue detail the vulnerability and note that a public exploit has been released, increasing the risk of active attacks. The Tenda vendor website (tenda.com.cn) is referenced for further information, though specific patches or mitigations are not detailed in available disclosures; practitioners should verify firmware updates directly from the vendor.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

rx3 firmware

16.03.13.11

CVEs Like This One

CVE-2026-2180Same product: Tenda Rx3

CVE-2026-2186Same product: Tenda Rx3

CVE-2026-2185Same product: Tenda Rx3

CVE-2026-2187Same product: Tenda Rx3

CVE-2025-29357Same product: Tenda Rx3

CVE-2025-29360Same product: Tenda Rx3

CVE-2025-29363Same product: Tenda Rx3

CVE-2025-29362Same product: Tenda Rx3

CVE-2025-29359Same product: Tenda Rx3

CVE-2025-29358Same product: Tenda Rx3

References

https://github.com/LX-66-LX/cve-new/issues/5
Exploit, Issue Tracking · cna@vuldb.com
https://vuldb.com/?ctiid.344884
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.344884
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.749710
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com