CVE-2026-13519
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
A vulnerability was found in Tenda JD12L firmware version 16.03.53.23, involving a stack-based buffer overflow in the fromNatStaticSetting function of the /goform/NatStaticSetting file. An attacker can remotely manipulate the page argument, causing a buffer overflow. The exploit has been made public and could be used.
Risk Assessment
The risk for the organization is the possibility of remote code execution by an attacker, which could lead to device takeover, network integrity compromise, and potential access to sensitive data.
Recommendation
It is recommended to immediately update the Tenda JD12L firmware to the latest available version if a patch is released by the vendor. If no update is available, restrict access to the device management interface to trusted networks only.
Original NVD description (English source)
A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

