CVE-2026-2181
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Remote code execution in Tenda RX3 firmware versions up to 16.03.13.11 via stack-based buffer overflow in the /goform/openSchedWifi endpoint allows unauthenticated attackers to execute arbitrary code by manipulating the schedStartTime and schedEndTime parameters. Public exploit code exists and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda RX3 16.03.13.11 devices in your environment and isolate affected units from production networks if business-critical. Within 7 days: Implement network segmentation to restrict access to the /goform/openSchedWifi endpoint and disable the WiFi scheduling feature if not operationally required. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today