CVE-2026-2185

🗓️ 08 Feb 2026 20:32:09Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 11 Views🌐 WEB

A stack overflow in Tenda router's MAC filtering endpoint allows remote exploitation via setBlackRule set_device_name.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-2185	8 Feb 202620:32	–	attackerkb
Circl	CVE-2026-2185	8 Feb 202621:00	–	circl
CNNVD	Tenda RX3 安全漏洞	8 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-2185 Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow	8 Feb 202620:32	–	cvelist
EUVD	EUVD-2026-5765	8 Feb 202620:32	–	euvd
NVD	CVE-2026-2185	8 Feb 202621:15	–	nvd
Positive Technologies	PT-2026-7019	8 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2185	10 Feb 202601:23	–	redhatcve
Vulnrichment	CVE-2026-2185 Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow	8 Feb 202620:32	–	vulnrichment

NVD

Vulners

Node

tenda rx3_firmwareMatch16.03.13.11

AND

tenda rx3Match-

[
  {
    "vendor": "Tenda",
    "product": "RX3",
    "versions": [
      {
        "version": "16.03.13.11",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "MAC Filtering Configuration Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/LX-66-LX/cve-new/issues/6
vuldb	www.vuldb.com/
tenda	www.tenda.com.cn/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
devName	request body	goform/setBlackRule	Remote stack-based buffer overflow via manipulation of devName/mac parameter in /goform/setBlackRule (MAC Filtering Configuration Endpoint).	CWE-119, CWE-121
mac	request body	goform/setBlackRule	Remote stack-based buffer overflow via manipulation of devName/mac parameter in /goform/setBlackRule (MAC Filtering Configuration Endpoint).	CWE-119, CWE-121

17 Jun 2026 10:30Current

8.7High risk

Vulners AI Score8.7

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.00688

SSVC