CVE-2026-2185
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Analysis
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 MAC filtering endpoint allows authenticated remote attackers to achieve code execution through crafted device name or MAC address parameters. Public exploit code exists for this vulnerability and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Tenda RX3 devices running firmware 16.03.13.11 and isolate them from production networks or disable remote management access. Within 7 days: Implement network segmentation to restrict access to the affected endpoint (/goform/setBlackRule) and deploy WAF rules to block suspicious requests to this function. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today