CVE-2026-2185

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda RX3 routers allows remote attackers to execute arbitrary code by manipulating device name parameters in MAC filtering configuration. This affects Tenda RX3 routers running firmware version 16.03.13.11. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Tenda RX3
Versions: 16.03.13.11
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the MAC filtering configuration endpoint specifically; no special configuration required.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, lateral network movement, data exfiltration, and persistent backdoor installation.

🟠 Likely Case: Router takeover enabling traffic interception, DNS manipulation, credential theft, and use as attack platform.

🟢 If Mitigated: Limited impact if isolated from critical networks, with only device reboot or configuration loss.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication on internet-exposed devices.
🏢 Internal Only: HIGH - Even internally, vulnerable devices can be exploited for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

  1. Check Tenda website for firmware updates
  2. Download latest firmware
  3. Upload via router admin interface
  4. Reboot router

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Login to router admin > Advanced > System > Disable 'Remote Management'

Disable MAC filtering

all

Remove vulnerable functionality by disabling MAC address filtering

Login to router admin > Advanced > Wireless > MAC Filter > Disable

🧯 If You Can't Patch

  • Segment affected routers in an isolated VLAN with strict firewall rules
  • Implement network monitoring for exploitation attempts and block malicious IPs

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or About page

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than 16.03.13.11 and test MAC filtering functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setBlackRule
  • Router crash/reboot logs
  • Failed authentication attempts to admin interface

Network Indicators:

  • HTTP requests with long device names to router admin interface
  • Unusual outbound connections from router

SIEM Query:

source="router.log" AND (uri="/goform/setBlackRule" OR "devName" OR "mac") AND data_length>100
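
The log and network indicators above can be combined into a stricter check than the SIEM query. This is an added example, not part of the original advisory or any vendor tooling. It flags only POST requests to /goform/setBlackRule whose devName value exceeds the 100-byte threshold after percent-decoding. The log layout and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Endpoint and field name come from the indicators above; the 100-byte
# threshold mirrors data_length>100 in the SIEM query.
ENDPOINT = "/goform/setBlackRule"
FIELD = "devName"
MAX_LEN = 100

# Assumed log layout (constructed for this example, not a Tenda format):
#   <timestamp> <src_ip> <METHOD> <uri> body="<urlencoded form>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) body="(?P<body>[^"]*)"$'
)

def suspicious_requests(lines, max_len=MAX_LEN):
    """Return (timestamp, source, field length) for oversized devName POSTs."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when comparing the path.
        if m["uri"].split("?", 1)[0] != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so the length is measured on the
        # decoded bytes, and a repeated field cannot hide a long value
        # behind a short one.
        form = parse_qs(m["body"], keep_blank_values=True, encoding="latin-1")
        longest = max((len(v) for v in form.get(FIELD, [])), default=0)
        if longest > max_len:
            hits.append((m["ts"], m["src"], longest))
    return hits

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = [
    '2026-02-10T09:14:02Z 192.0.2.10 POST /goform/setBlackRule body="devName=laptop&mac=00:11:22:33:44:55"',
    '2026-02-10T09:15:40Z 198.51.100.7 POST /goform/setBlackRule body="devName=' + "%78" * 300 + '&mac=00:11:22:33:44:55"',
    '2026-02-10T09:16:11Z 198.51.100.7 POST /goform/setBlackRule body="devName=tv&devName=' + "x" * 150 + '"',
    '2026-02-10T09:17:00Z 192.0.2.10 GET /goform/getStatus body=""',
]

if __name__ == "__main__":
    for ts, src, n in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {src} devName length {n} exceeds {MAX_LEN}")
```

Measuring the decoded field rather than the raw body length avoids missing percent-encoded values and avoids alerting on every event that merely contains "mac".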
