Description
A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Published: 2026-02-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote stack-based buffer overflow potentially enabling arbitrary code execution
Action: Patch Immediately
AI Analysis

Impact

The Tenda RX3 firmware 16.03.13.11 contains a stack-based buffer overflow in the set_qosMib_list function, which is invoked through the web form /goform/formSetQosBand. By submitting a crafted list argument, an attacker can overflow the function’s stack buffer, resulting in arbitrary code execution. The vulnerability is classified as a buffer overflow (CWE-119) combined with a stack-based buffer overrun (CWE-121). No user interaction is required other than sending a malicious request to the device’s management interface, and an exploit has already been made public.

Affected Systems

Tenda RX3 wireless routers running firmware 16.03.13.11 are affected. The vendor, Tenda, lists the product under the RX3 model, and the specific firmware version is identifiable in the CPE data as 16.03.13.11.

Risk and Exploitability

The CVSS score of 8.7 places this flaw in the high severity range, and the EPSS score indicates that the probability of exploitation is currently below 1%, though nonzero. Because the flaw is reachable remotely via the device’s web interface and a public exploit exists, the risk of compromise is tangible for any unprotected environment. The vulnerability is not present in CISA’s KEV catalogue, but that does not diminish the need for mitigation. The likely attack path is a remote attacker sending a specially crafted HTTP request to the /goform/formSetQosBand endpoint, which triggers a stack overflow and consequently arbitrary code execution.

Generated by OpenCVE AI on April 17, 2026 at 21:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official firmware patch from Tenda to resolve the buffer overflow vulnerability
  • If an immediate firmware upgrade is unavailable, restrict access to the device’s web management interface by blocking the /goform/formSetQosBand endpoint or limiting management access to the local network only
  • Disable QoS functionality, if the device’s firmware or the router’s configuration interface allows it, to close off the exposed buffer overflow path
  • Monitor the device for anomalous behavior or unexpected network activity that could indicate exploitation attempts

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda rx3 Firmware
CPEs cpe:2.3:h:tenda:rx3:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:rx3_firmware:16.03.13.11:*:*:*:*:*:*:*
Vendors & Products Tenda rx3 Firmware

Mon, 09 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda rx3
Vendors & Products Tenda
Tenda rx3

Sun, 08 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Title Tenda RX3 formSetQosBand set_qosMib_list stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:49:51.970Z

Reserved: 2026-02-07T17:16:30.200Z

Link: CVE-2026-2187

Vulnrichment

Updated: 2026-02-09T20:54:06.886Z

NVD

Status: Analyzed

Published: 2026-02-08T21:15:48.473

Modified: 2026-02-10T14:54:57.407

Link: CVE-2026-2187

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z

Weaknesses