CVE-2026-2180
8.8 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A vulnerability in Tenda RX3 routers allows remote attackers to crash the device or potentially run malicious code by sending a specially crafted Wi-Fi network name (SSID) to a specific management page. This matters because it's easy to exploit and can give an attacker full control over the router.
Who is affected
Users of Tenda RX3 router firmware version 16.03.13.11 are affected. An attacker could take over the router, disrupt internet access, or use it to attack other devices on the network.
Recommended fix
Immediately update the router's firmware to a version newer than 16.03.13.11, if available from Tenda. If no patch exists, disable remote administration (WAN access) and restrict access to the router's web interface to trusted devices only.
Technical Description
A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-119, CWE-121