Description
A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Published: 2026-06-29
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware of the Tenda JD12L router contains a stack-based buffer overflow in the formWifiBasicSet function (located in /goform/WifiBasicSet). A crafted value of the security_5g parameter can overflow the stack, potentially hijacking execution flow. Because the endpoint is reachable over the network, the flaw can be triggered remotely, and published exploits indicate that it can be used to execute arbitrary code on the device.

Affected Systems

Tenda JD12L routers running firmware version 16.03.53.23 are affected. No other versions are listed as vulnerable in the available data.

Risk and Exploitability

The vulnerability has a CVSS score of 8.7, classifying it as high severity. The EPSS score is unavailable, and the flaw is not listed in the CISA KEV catalog, which suggests it is not yet known to be widely exploited in the wild. Nonetheless, the published exploit and the ability to trigger the overflow remotely make the risk significant. Successful exploitation would likely allow the attacker to execute arbitrary code on the router, compromising the confidentiality, integrity, and availability of the device and potentially the network it serves.

Generated by OpenCVE AI on June 29, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the JD12L firmware to the latest version that addresses the stack overflow in formWifiBasicSet.
  • If an immediate firmware upgrade is not available, restrict remote access to the /goform/WifiBasicSet endpoint or disable remote management features on the router.
  • Monitor the router’s logs for anomalous access patterns to /goform/WifiBasicSet and block any IP addresses that exhibit suspicious activity.



Advisories

No advisories yet.

History

Mon, 29 Jun 2026 00:30:00 +0000

Values Removed: (none listed)

Values Added:

  • Description: A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
  • Title: Tenda JD12L WifiBasicSet formWifiBasicSet stack-based overflow
  • First Time appeared: Tenda; Tenda jd12l
  • Weaknesses: CWE-119; CWE-121
  • CPEs: cpe:2.3:h:tenda:jd12l:*:*:*:*:*:*:*:*
  • Vendors & Products: Tenda; Tenda jd12l
  • References:
  • Metrics:

    cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

    cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

    cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

    cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T00:00:11.746Z

Reserved: 2026-06-28T06:45:45.151Z

Link: CVE-2026-13517

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T01:30:04Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow