Sign-up

ID

VAR-202602-0604


CVE

CVE-2026-2185


TITLE

Shenzhen Tenda Technology Co.,Ltd. of RX3  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117

DESCRIPTION

A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. /goform/setBlackRule Inside set_device_name Affects functions. This attack is remotely executable and there is a publicly available exploit that could potentially be used in the wild.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2185 // JVNDB: JVNDB-2026-003117

AFFECTED PRODUCTS

vendor:tendamodel:rx3scope:eqversion:16.03.13.11

Trust: 1.0

vendor:tendamodel:rx3scope:eqversion:rx3 firmware 16.03.13.11

Trust: 0.8

vendor:tendamodel:rx3scope:eqversion: -

Trust: 0.8

vendor:tendamodel:rx3scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117 // NVD: CVE-2026-2185

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2185
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003117
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2185
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003117
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2185
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003117
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117 // NVD: CVE-2026-2185

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117 // NVD: CVE-2026-2185

PATCH

title:Tenda RX3 V16.03.13.11 Stack-based Buffer Overflowurl:https://vuldb.com/?id.344888

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117

EXTERNAL IDS

db:NVDid:CVE-2026-2185

Trust: 2.6

db:VULDBid:344888

Trust: 1.0

db:JVNDBid:JVNDB-2026-003117

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117 // NVD: CVE-2026-2185

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/lx-66-lx/cve-new/issues/6

Trust: 1.8

url:https://vuldb.com/?ctiid.344888

Trust: 1.0

url:https://vuldb.com/?id.344888

Trust: 1.0

url:https://vuldb.com/?submit.749715

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2185

Trust: 0.8

sources: JVNDB: JVNDB-2026-003117 // NVD: CVE-2026-2185

SOURCES

db:JVNDBid:JVNDB-2026-003117
db:NVDid:CVE-2026-2185

LAST UPDATE DATE

2026-02-12T23:50:17.147000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003117date:2026-02-12T07:26:00
db:NVDid:CVE-2026-2185date:2026-02-10T14:54:35.470

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003117date:2026-02-12T00:00:00
db:NVDid:CVE-2026-2185date:2026-02-08T21:15:48.120