CVE-2026-2185: Stack-based Buffer Overflow in Tenda RX3
CVE-2026-2185 is a high-severity stack-based buffer overflow vulnerability in the Tenda RX3 router firmware version 16. 03. 13. 11. It affects the MAC Filtering Configuration Endpoint, specifically the set_device_name function in /goform/setBlackRule, where improper handling of the devName/mac argument allows remote attackers to overflow the stack. This vulnerability can be exploited remotely without authentication or user interaction, potentially leading to full compromise of the device. Although no exploits are currently observed in the wild, a proof-of-concept exploit has been published. The vulnerability poses significant risks to network integrity and availability, especially in environments relying on Tenda RX3 routers. European organizations using this device should prioritize patching or mitigation due to the high impact and ease of exploitation. Countries with higher market penetration of Tenda devices and critical infrastructure deployments are at greater risk.
AI Analysis
Technical Summary
CVE-2026-2185 is a critical stack-based buffer overflow vulnerability identified in the Tenda RX3 router firmware version 16.03.13.11. The flaw exists in the MAC Filtering Configuration Endpoint, specifically within the set_device_name function located in the /goform/setBlackRule path. This function improperly processes the devName/mac parameter, allowing an attacker to supply crafted input that overflows the stack buffer. The overflow can corrupt adjacent memory, potentially enabling arbitrary code execution or denial of service. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly accessible to attackers. The CVSS 4.0 score of 8.7 reflects the vulnerability's high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no active exploitation has been reported, a public exploit is available, increasing the risk of imminent attacks. The vulnerability affects a widely deployed consumer and small business router model, which often serves as a network gateway, amplifying the potential impact. The absence of an official patch at the time of disclosure necessitates immediate mitigation efforts to prevent exploitation.
Potential Impact
For European organizations, this vulnerability presents a significant threat to network security and operational continuity. Exploitation could allow attackers to execute arbitrary code on the router, leading to full device compromise. This can result in interception or manipulation of network traffic, unauthorized access to internal networks, and disruption of internet connectivity. Critical infrastructure, SMEs, and home office environments using Tenda RX3 routers are particularly vulnerable. The compromise of these devices could facilitate lateral movement within corporate networks or serve as a foothold for further attacks. Given the remote exploitability without authentication, attackers can target vulnerable devices en masse, potentially causing widespread outages or data breaches. The impact on confidentiality, integrity, and availability is high, threatening sensitive data and network reliability across affected organizations.
Mitigation Recommendations
Immediate mitigation steps include isolating affected Tenda RX3 devices from critical network segments and restricting remote management access. Network administrators should implement strict firewall rules to block incoming traffic to the /goform/setBlackRule endpoint or disable MAC filtering features if feasible. Monitoring network traffic for anomalous requests targeting this endpoint can help detect exploitation attempts. Until an official firmware patch is released, organizations should consider replacing vulnerable devices with models from vendors with timely security updates. Employing network segmentation and intrusion detection systems can limit the impact of a compromised router. Additionally, educating users about the risks and ensuring that default credentials are changed reduces the attack surface. Regularly checking vendor advisories for patches and applying them promptly once available is critical to long-term remediation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2026-2185: Stack-based Buffer Overflow in Tenda RX3
Description
CVE-2026-2185 is a high-severity stack-based buffer overflow vulnerability in the Tenda RX3 router firmware version 16. 03. 13. 11. It affects the MAC Filtering Configuration Endpoint, specifically the set_device_name function in /goform/setBlackRule, where improper handling of the devName/mac argument allows remote attackers to overflow the stack. This vulnerability can be exploited remotely without authentication or user interaction, potentially leading to full compromise of the device. Although no exploits are currently observed in the wild, a proof-of-concept exploit has been published. The vulnerability poses significant risks to network integrity and availability, especially in environments relying on Tenda RX3 routers. European organizations using this device should prioritize patching or mitigation due to the high impact and ease of exploitation. Countries with higher market penetration of Tenda devices and critical infrastructure deployments are at greater risk.
AI-Powered Analysis
Technical Analysis
CVE-2026-2185 is a critical stack-based buffer overflow vulnerability identified in the Tenda RX3 router firmware version 16.03.13.11. The flaw exists in the MAC Filtering Configuration Endpoint, specifically within the set_device_name function located in the /goform/setBlackRule path. This function improperly processes the devName/mac parameter, allowing an attacker to supply crafted input that overflows the stack buffer. The overflow can corrupt adjacent memory, potentially enabling arbitrary code execution or denial of service. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly accessible to attackers. The CVSS 4.0 score of 8.7 reflects the vulnerability's high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no active exploitation has been reported, a public exploit is available, increasing the risk of imminent attacks. The vulnerability affects a widely deployed consumer and small business router model, which often serves as a network gateway, amplifying the potential impact. The absence of an official patch at the time of disclosure necessitates immediate mitigation efforts to prevent exploitation.
Potential Impact
For European organizations, this vulnerability presents a significant threat to network security and operational continuity. Exploitation could allow attackers to execute arbitrary code on the router, leading to full device compromise. This can result in interception or manipulation of network traffic, unauthorized access to internal networks, and disruption of internet connectivity. Critical infrastructure, SMEs, and home office environments using Tenda RX3 routers are particularly vulnerable. The compromise of these devices could facilitate lateral movement within corporate networks or serve as a foothold for further attacks. Given the remote exploitability without authentication, attackers can target vulnerable devices en masse, potentially causing widespread outages or data breaches. The impact on confidentiality, integrity, and availability is high, threatening sensitive data and network reliability across affected organizations.
Mitigation Recommendations
Immediate mitigation steps include isolating affected Tenda RX3 devices from critical network segments and restricting remote management access. Network administrators should implement strict firewall rules to block incoming traffic to the /goform/setBlackRule endpoint or disable MAC filtering features if feasible. Monitoring network traffic for anomalous requests targeting this endpoint can help detect exploitation attempts. Until an official firmware patch is released, organizations should consider replacing vulnerable devices with models from vendors with timely security updates. Employing network segmentation and intrusion detection systems can limit the impact of a compromised router. Additionally, educating users about the risks and ensuring that default credentials are changed reduces the attack surface. Regularly checking vendor advisories for patches and applying them promptly once available is critical to long-term remediation.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-02-07T15:29:25.365Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6988f6174b57a58fa1cbbd28
Added to database: 2/8/2026, 8:46:15 PM
Last enriched: 2/8/2026, 9:00:32 PM
Last updated: 2/8/2026, 11:12:45 PM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2191: Stack-based Buffer Overflow in Tenda AC9
HighCVE-2026-2190: SQL Injection in itsourcecode School Management System
MediumCVE-2026-2189: SQL Injection in itsourcecode School Management System
MediumCVE-2026-2188: OS Command Injection in UTT 进取 521G
HighCVE-2026-2187: Stack-based Buffer Overflow in Tenda RX3
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.