CVE-2026-2137
8.8 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A buffer overflow vulnerability exists in certain Tenda TX3 routers, allowing remote attackers to crash the device or potentially run malicious code by sending specially crafted network requests.
Who is affected
Users of Tenda TX3 routers with firmware version 16.03.13.11_multi or earlier are affected. An attacker could take control of the router, disrupt internet access, or use it to launch further attacks.
Recommended fix
Immediately update the router's firmware to a version newer than 16.03.13.11_multi. If no patch is available, disable remote administration and restrict access to the router's web interface to trusted networks only.
Technical Description
A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-119, CWE-120