Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable management endpoint (AV:N) with low complexity, but the web UI requires at least low-privilege authentication (PR:L); a stack overflow on a mitigation-free router yields full C/I/A impact.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
AnalysisAI
Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires sending a manipulated security_5g parameter to the formWifiBasicSet function via the /goform/WifiBasicSet endpoint of the JD12L web management interface, and per the CVSS 4.0 vector it requires PR:L - a low-privilege authenticated session to that interface - so the attacker must reach the HTTP management service and possess at least limited valid credentials (or exploit default/weak credentials). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 base score is 7.4 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N and high confidentiality, integrity, and availability impact to the vulnerable system (VC:H/VI:H/VA:H), with no subsequent-system impact (SC/SI/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privilege access to the router's web interface - for example a user on the local network who has obtained or guessed valid management credentials, or who is leveraging a default password - sends a crafted POST request to /goform/WifiBasicSet with an oversized security_5g value. The overflow overwrites the stack return address, crashing the httpd service (denial of service) or, with a tailored payload on a mitigation-free embedded target, executing attacker-supplied code with the router's privileges. … |
| Remediation | No vendor-released patch identified at time of analysis; Tenda had not published a fixed firmware version in the provided data, and JD12L-class devices are frequently slow to receive or never receive security updates. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Conduct immediate inventory of all Tenda JD12L devices; document current firmware versions and network location; restrict administrative access through firewall rules and disable unnecessary remote management services. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory via th
Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets a remote attacker corrupt memory by ma
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40014
GHSA-38gh-hfgh-77mp