CVE-2026-13516
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
A vulnerability was detected in Tenda JD12L 16.03.53.23, involving a stack-based buffer overflow in the fromSetWifiGusetBasic function of the /goform/WifiGuestSet file. An attacker can remotely exploit this by manipulating the shareSpeed argument.
Risk Assessment
The risk for the organization includes potential remote code execution or device crash, which could disrupt Wi-Fi services and lead to router compromise.
Recommendation
It is recommended to immediately update the Tenda JD12L firmware to the latest version that fixes this vulnerability. If no update is available, restrict access to the device management interface to trusted networks only.
Original NVD description (English source)
A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

