EUVD-2026-19543
GHSA-fc6j-rjwv-62c9
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Remote stack-based buffer overflow in Tenda CX12L router firmware version 16.03.53.12 allows authenticated attackers to execute arbitrary code via crafted 'page' parameter to the RouteStatic configuration endpoint. CVSS 7.4 with publicly available exploit code (E:P in vector). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Tenda CX12L devices running firmware 16.03.53.12 in your environment; restrict administrative access to RouteStatic endpoint via network segmentation or WAF rules if available. Within 7 days: Change all router administrative credentials to maximum complexity standards; isolate affected routers to dedicated management VLANs with strict access controls; contact Tenda support for firmware release timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today