Description
A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Published: 2026-06-29
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the fromNatStaticSetting function of Tenda JD12L firmware 16.03.53.23. By manipulating the page argument sent to /goform/NatStaticSetting, an attacker can cause a stack overflow that could allow arbitrary code execution. The vulnerability is remotely exploitable and public exploits have already been released, creating a direct threat to affected devices.

Affected Systems

Tenda JD12L devices running firmware version 16.03.53.23 are affected. No other firmware versions or related products are listed as vulnerable in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates a high-severity flaw. Although no EPSS value is available, the fact that the exploit is public and the vulnerability is remotely triggered increases the likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, but the stack‑based nature of the flaw implies that successful exploitation could grant an attacker control over the device.

Generated by OpenCVE AI on June 29, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to a Tenda firmware release that includes a fix for the NatStaticSetting buffer overflow once one is available.
  • If a firmware update is not yet available, block external access to the device’s web interface and limit the network segment from which the configuration endpoint (/goform/NatStaticSetting) can be reached.
  • Disable the NatStaticSetting feature via the router’s configuration settings if the firmware allows it, preventing the vulnerable function from being invoked by remote requests.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
  • Description: A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
  • Title: Tenda JD12L NatStaticSetting fromNatStaticSetting stack-based overflow
  • First Time appeared: Tenda; Tenda jd12l
  • Weaknesses: CWE-119; CWE-121
  • CPEs: cpe:2.3:h:tenda:jd12l:*:*:*:*:*:*:*:*
  • Vendors & Products: Tenda; Tenda jd12l
  • References
  • Metrics:
      cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T00:30:10.330Z

Reserved: 2026-06-28T06:45:50.951Z

Link: CVE-2026-13519

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T02:30:05Z

Weaknesses
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-121: Stack-based Buffer Overflow