CVE Catalog

CVE-2026-13515

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile — higher than 38% of all known CVEs

Summary

A stack-based buffer overflow vulnerability has been detected in Tenda JD12L firmware version 16.03.53.23 in the formSetPPTPServer function of the /goform/SetPptpServerCfg file. Manipulation of the startIp argument allows remote exploitation. The exploit has been publicly disclosed and may be used.

Risk Assessment

The risk for the organization includes potential remote code execution, which could lead to network compromise, data leakage, or service disruption.

Recommendation

It is recommended to immediately apply a firmware update from the vendor if available, or temporarily disable the PPTP Server function and restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS