๐Ÿ” CVE Alert

CVE-2026-2185

HIGH 8.8

Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.

CWE CWE-121 CWE-119
Vendor tenda
Product rx3
Published Feb 8, 2026
Last Updated Feb 23, 2026
Stay Ahead of the Next One

Get instant alerts for tenda rx3

Be the first to know when new high vulnerabilities affecting tenda rx3 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Tenda / RX3
16.03.13.11

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/?id.344888 vuldb.com: https://vuldb.com/?ctiid.344888 vuldb.com: https://vuldb.com/?submit.749715 github.com: https://github.com/LX-66-LX/cve-new/issues/6 tenda.com.cn: https://www.tenda.com.cn/

Credits

๐Ÿ” LX-66-LX (VulDB User)