
Tenda CX12L CVE-2026-11504

EUVD-2026-35039 | HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-08 | VulDB | GHSA-pjjg-3c99-jj57
CVSS 4.0: 7.4

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

  • Jun 08, 2026 - 12:29 (vuln.today): Analysis Updated, v3 (cvss_changed)
  • Jun 08, 2026 - 12:29 (vuln.today): Analysis Updated, v2 (cvss_changed)
  • Jun 08, 2026 - 12:22 (vuln.today): Re-analysis Queued (cvss_changed)
  • Jun 08, 2026 - 12:22 (NVD): CVSS changed, 8.8 (HIGH) to 7.4 (HIGH)
  • Jun 08, 2026 - 12:21 (vuln.today): Analysis Generated

Description (NVD)

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Analysis (AI)

Stack-based buffer overflow in Tenda CX12L 16.03.53.12 routers allows remote attackers with low privileges to corrupt memory via the setSchedWifi function in /goform/openSchedWifi by manipulating the schedStartTime or schedEndTime parameters. Publicly available exploit code exists per VulDB, raising the practical risk despite the vulnerability not yet being listed in CISA KEV. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Reach router web UI on LAN or exposed WAN
  • Delivery: Authenticate with low-privilege credentials
  • Exploit: Send crafted POST to /goform/openSchedWifi with oversized schedStartTime/schedEndTime
  • Install: Overflow stack buffer in setSchedWifi
  • C2: Hijack control flow in HTTP daemon
  • Execute: Execute code as root on device
  • Impact: Pivot into LAN or persist on router

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the Tenda CX12L web management interface (TCP port 80/443 on the LAN by default; WAN-side only if remote management is enabled) and a low-privilege authenticated session per CVSS PR:L - meaning valid credentials to the router's web UI are needed to reach the /goform/openSchedWifi handler and invoke setSchedWifi. …
Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H and E:P (Proof-of-Concept) scores 7.4 and indicates a network-reachable, low-complexity attack requiring some level of privilege but no user interaction, with high impact on the vulnerable component. …
Exploit Scenario: An attacker who has obtained a low-privilege session on the router's web UI - for example via default or guessed credentials, a CSRF chain from a LAN client, or pivoting from another compromised host on the LAN - sends a crafted POST request to /goform/openSchedWifi with oversized schedStartTime or schedEndTime values. The publicly available proof-of-concept linked from https://github.com/cve-a/moist/issues/2 demonstrates the parameter overflow, which can crash the web management daemon (denial of service) or, with appropriate payload crafting given the embedded device's memory protections, redirect execution to attacker-controlled code running with the privileges of the router's HTTP server, typically root on Tenda firmware.
Remediation: No vendor-released patch identified at time of analysis; the Tenda advisory page (https://www.tenda.com.cn/) and VulDB entry (https://vuldb.com/vuln/369124) should be monitored for an updated firmware build superseding 16.03.53.12. …
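
A defender-side check for the request shape described above, as an added example that is not from the advisory, Tenda, or the linked proof-of-concept: it flags POSTs to /goform/openSchedWifi whose schedStartTime or schedEndTime value exceeds a length threshold, for use on traffic captured by a proxy or sensor in front of the router. The 16-byte limit, the form-encoded parameter layout, the name `inspect_request` and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/openSchedWifi"          # endpoint named in the advisory
WATCHED = ("schedStartTime", "schedEndTime")   # parameters named in the advisory
MAX_LEN = 16  # assumption: a legitimate schedule time is a short string


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one captured HTTP request (empty list = nothing flagged)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return []
    method, url = parts[0], urlsplit(parts[1])
    if method.upper() != "POST" or url.path.rstrip("/") != TARGET_PATH:
        return []
    # Assumption: parameters arrive form-encoded in the body and/or query string.
    # latin-1 maps one byte to one character, so len() below counts decoded bytes.
    pairs = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    return [f"{name}: {len(value)} bytes exceeds {MAX_LEN}"
            for name, value in pairs
            if name in WATCHED and len(value) > MAX_LEN]


def _sample(body: bytes) -> bytes:
    """Build a constructed request for the demo (not a real capture)."""
    return (b"POST /goform/openSchedWifi HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed samples: the time format shown is a guess, only the lengths matter.
BENIGN = _sample(b"schedStartTime=08%3A00&schedEndTime=22%3A00")
OVERSIZED = _sample(b"schedStartTime=" + b"A" * 300 + b"&schedEndTime=22%3A00")

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, inspect_request(request))
```

Length is measured after percent-decoding, so a value sent as `%41%41...` is counted by the bytes the handler would receive rather than by its encoded size.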

Recommended Action (AI)

24 hours: Identify all Tenda CX12L routers with firmware 16.03.53.12 in production; restrict administrative access to authorized personnel; enable device audit logging. …
