CVE Catalog

CVE-2026-13517

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

A stack-based buffer overflow vulnerability has been found in Tenda JD12L firmware version 16.03.53.23 in the formWifiBasicSet function of the /goform/WifiBasicSet file. An attacker can remotely exploit this flaw by manipulating the security_5g argument, potentially leading to arbitrary code execution.

Risk Assessment

The risk for the organization includes remote takeover of the Tenda JD12L device, which could lead to network integrity compromise, data theft, or use of the device as an entry point for further attacks.

Recommendation

It is recommended to immediately update the Tenda JD12L firmware to the latest available version if a patch has been released. If no update is available, restrict access to the device's management interface to trusted networks only.

Original NVD description (English source)

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS