Sign-up

ID

VAR-202602-0352


CVE

CVE-2026-2186


TITLE

Shenzhen Tenda Technology Co.,Ltd. of RX3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116

DESCRIPTION

A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. An exploit for this vulnerability has been made public and is available for exploitation.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2186 // JVNDB: JVNDB-2026-003116

AFFECTED PRODUCTS

vendor:tendamodel:rx3scope:eqversion:16.03.13.11

Trust: 1.0

vendor:tendamodel:rx3scope:eqversion:rx3 firmware 16.03.13.11

Trust: 0.8

vendor:tendamodel:rx3scope:eqversion: -

Trust: 0.8

vendor:tendamodel:rx3scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116 // NVD: CVE-2026-2186

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2186
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003116
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2186
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003116
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2186
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003116
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116 // NVD: CVE-2026-2186

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116 // NVD: CVE-2026-2186

PATCH

title:Tenda RX3 V16.03.13.11 Stack-based Buffer Overflowurl:https://vuldb.com/?id.344889

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116

EXTERNAL IDS

db:NVDid:CVE-2026-2186

Trust: 2.6

db:VULDBid:344889

Trust: 1.0

db:JVNDBid:JVNDB-2026-003116

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116 // NVD: CVE-2026-2186

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/lx-66-lx/cve-new/issues/7

Trust: 1.8

url:https://vuldb.com/?id.344889

Trust: 1.0

url:https://vuldb.com/?ctiid.344889

Trust: 1.0

url:https://vuldb.com/?submit.749718

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2186

Trust: 0.8

sources: JVNDB: JVNDB-2026-003116 // NVD: CVE-2026-2186

SOURCES

db:JVNDBid:JVNDB-2026-003116
db:NVDid:CVE-2026-2186

LAST UPDATE DATE

2026-02-12T23:22:28.068000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003116date:2026-02-12T07:26:00
db:NVDid:CVE-2026-2186date:2026-02-10T14:54:48.300

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003116date:2026-02-12T00:00:00
db:NVDid:CVE-2026-2186date:2026-02-08T21:15:48.297