Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web endpoint (AV:N, AC:L) but the supplied 4.0 vector marks PR:L, so low-privilege auth is required; memory corruption yields full code-execution impact (C/I/A:H), scope unchanged.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
AnalysisAI
Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory by sending an oversized startIp argument to the formSetPPTPServer handler at /goform/SetPptpServerCfg, potentially achieving denial of service or arbitrary code execution on the device. The flaw is reachable over the network and publicly available exploit code exists, though it is not listed in CISA KEV and the CVSS 4.0 vector indicates low-privilege (authenticated) access is required. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires reaching the device web server and invoking the formSetPPTPServer handler via the /goform/SetPptpServerCfg endpoint with an oversized startIp parameter, on Tenda JD12L firmware 16.03.53.23. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed-to-moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the router's web interface and holds low-privilege credentials (or rides an authenticated session) submits a crafted POST to /goform/SetPptpServerCfg with an over-length startIp value. The overflow overwrites the saved return address, crashing the httpd service or, on these unhardened embedded targets, redirecting execution to attacker-controlled shellcode for full device compromise. … |
| Remediation | No vendor-released patch or fixed firmware version is identified at time of analysis; the VulDB and GitHub references (https://github.com/cve-a/Vampirensa/issues/1, https://vuldb.com/vuln/374523) document the issue but do not cite a patched build, so monitor https://www.tenda.com.cn/ for a firmware update and apply it once released. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40012
GHSA-m4xx-xhjg-w8v6