Description
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-06-08
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the form_fast_setting_wifi_set function of the Wi‑Fi Configuration Endpoint on Tenda CX12L routers. By manipulating the ssid argument, an attacker can overflow the buffer. Based on the description, it is inferred that this overflow may lead to arbitrary code execution, denial of service, and compromise of confidentiality and integrity of the device.

Affected Systems

Affected are Tenda CX12L devices running firmware version 16.03.53.12. The flaw resides in the /goform/fast_setting_wifi_set endpoint and is present in the specified firmware build.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, and the attack vector is remote, meaning the attacker need only reach the router over the network to exploit it. EPSS is not available, so the current probability of exploitation is unknown, but the vulnerability has been publicly disclosed and could be used by adversaries. Tenda has not listed it in the CISA KEV catalog yet. The lack of an official patch means the risk remains significant until remediation is applied.

Generated by OpenCVE AI on June 8, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Tenda that addresses the buffer overflow in the form_fast_setting_wifi_set function.
  • If no patch is immediately available, block remote access to the /goform/fast_setting_wifi_set endpoint using a firewall or router ACLs to prevent external exploitation.
  • Continuously monitor router logs for anomalous traffic or repeated SSID manipulation attempts that may indicate exploitation attempts.

Generated by OpenCVE AI on June 8, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda cx12l
Vendors & Products Tenda cx12l

Mon, 08 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Title Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
First Time appeared Tenda
Tenda cx12l Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:cx12l_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda cx12l Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda Cx12l Cx12l Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T09:45:12.620Z

Reserved: 2026-06-07T14:01:15.075Z

Link: CVE-2026-11503

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T10:16:32.927

Modified: 2026-06-08T10:16:32.927

Link: CVE-2026-11503

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T12:00:14Z

Weaknesses