Description
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-04-06
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via stack-based buffer overflow
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow was discovered in the fromNatStaticSetting function of the /goform/NatStaticSetting endpoint on the Tenda CX12L router. The flaw is triggered by manipulating the page parameter and may allow an attacker to execute arbitrary code on the device. The weakness is associated with CWE‑119 and CWE‑121, potentially compromising confidentiality, integrity, and availability.

Affected Systems

The affected product is the Tenda CX12L router running firmware version 16.03.53.12; only this specific release is known to contain the vulnerability.

Risk and Exploitability

With a CVSS score of 8.7, the vulnerability is considered high severity. The EPSS score is not available, and it is not listed in the KEV catalog. The likely attack vector is remote, as an attacker can trigger the overflow by sending crafted requests to the router’s web interface and gain execution privileges within the router software environment.

Generated by OpenCVE AI on April 7, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the current firmware version and upgrade to the latest release available from Tenda’s official website.
  • If a patch is not yet released, disable remote management of the router or restrict access to the /goform/NatStaticSetting endpoint using a firewall.
  • Change the default administrative credentials and limit local network access to the router’s management interface.
  • Monitor Tenda’s advisory channels for updated patches or additional mitigation guidance.

Generated by OpenCVE AI on April 7, 2026 at 01:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda cx12l
Vendors & Products Tenda
Tenda cx12l

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Title Tenda CX12L NatStaticSetting fromNatStaticSetting stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda Cx12l
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-07T13:36:38.201Z

Reserved: 2026-04-06T10:14:16.523Z

Link: CVE-2026-5687

cve-icon Vulnrichment

Updated: 2026-04-07T13:35:51.231Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-06T22:16:25.070

Modified: 2026-04-07T13:20:11.643

Link: CVE-2026-5687

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T09:36:33Z

Weaknesses