Tenda Rx3 vulnerabilities

CVE-2026-2187 [HIGH] CWE-119 CVE-2026-2187: A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_ A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVE-2026-2181 [HIGH] CWE-119 CVE-2026-2181: A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an u A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may

CVE-2026-2186 [HIGH] CWE-119 CVE-2026-2186: A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind o A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

CVE-2026-2180 [HIGH] CWE-119 CVE-2026-2180: A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

CVE-2026-2185 [HIGH] CWE-119 CVE-2026-2185: A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of t A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may

CVE-2025-5527 [HIGH] CWE-119 CVE-2025-5527: A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may b

CVE-2025-4357 [MEDIUM] CWE-74 CVE-2025-4357: A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-3259 [HIGH] CWE-119 CVE-2025-3259: A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This iss A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be us