EUVD-2026-19541
GHSA-frp6-hv3g-9wcp
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
Analysis
Remote code execution in Tenda CX12L firmware version 16.03.53.12 allows authenticated attackers to overflow stack buffers via malicious 'page' parameter values sent to the addressNat endpoint (/goform/addressNat). The fromAddressNat function fails to validate input length, enabling memory corruption with high impact to confidentiality, integrity, and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Tenda CX12L devices running firmware 16.03.53.12 in your network; restrict administrative console access to trusted personnel only. Within 7 days: Implement network segmentation to isolate affected routers from sensitive systems; monitor authentication logs for unauthorized access attempts to the /goform/addressNat endpoint. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today