What is the CVSS score of CVE-2026-2187?

CVE-2026-2187 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Rx3 Firmware are affected by CVE-2026-2187?

A critical vulnerability in Tenda RX3 routers (CVE-2026-2187) allows remote attackers to exploit QoS configuration functions without authentication, potentially enabling network disruption, data…

Is there a public PoC exploit available for CVE-2026-2187?

Yes, a public proof-of-concept exploit is available for CVE-2026-2187. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-2187?

Within 24 hours: Inventory all Tenda RX3 devices running firmware 16.03.13.11 and isolate them from critical network segments; disable QoS configuration features if possible via device settings. Within 7 days: Implement network segmentation to restrict administrative access to affected devices; deploy WAF/IPS rules to block exploitation attempts on port 80/443 targeting /goform/formSetQosBand; consider replacing devices with patched alternatives or alternate vendors. Within 30 days: Complete migration away from vulnerable Tenda RX3 units or upgrade to patched firmware version once released by vendor; conduct network audit for signs of compromise.

Rx3 Firmware CVE-2026-2187

HIGH

Buffer Overflow (CWE-119)

2026-02-08 cna@vuldb.com

Buffer Overflow Stack Overflow Rx3 Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 10, 2026 - 14:54 vuln.today

Public exploit code

CVE Published

Feb 08, 2026 - 21:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

AnalysisAI

Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows remote attackers with low privileges to achieve complete system compromise through manipulation of QoS parameters. Public exploit code exists for this vulnerability, and no patch is currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Tenda RX3 web interface

Exploit

Send crafted POST request to /goform/formSetQosBand

Execution

Manipulate list argument to overflow stack buffer

Impact

Execute arbitrary code with device privileges

Access

Authenticate to Tenda RX3 web interface

Exploit

Send crafted POST request to /goform/formSetQosBand

Execution

Manipulate list argument to overflow stack buffer

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	Tenda RX3 firmware version 16.03.13.11 with web management interface enabled; requires valid user credentials to access /goform/formSetQosBand endpoint due to CVSS PR:L requirement. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this flaw, stack-based buffer overflow.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Tenda RX3 devices running firmware 16.03.13.11 and isolate them from critical network segments; disable QoS configuration features if possible via device settings. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2187 vulnerability details – vuln.today

Back

Rx3 Firmware CVE-2026-2187

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code