Is Tenda affected by EUVD-2026-19543?

Tenda CX12L routers running firmware 16.03.53.12 are vulnerable to authenticated remote code execution through a stack buffer overflow in the RouteStatic configuration endpoint, allowing attackers with management access to execute arbitrary commands on affected devices.

EUVD-2026-19543

| CVE-2026-5686 HIGH

2026-04-06 [email protected]

GHSA-fc6j-rjwv-62c9

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 06, 2026 - 22:22 vuln.today

EUVD ID Assigned

Apr 06, 2026 - 22:22 euvd

EUVD-2026-19543

CVE Published

Apr 06, 2026 - 22:16 nvd

HIGH 7.4

Description

A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Analysis

Remote stack-based buffer overflow in Tenda CX12L router firmware version 16.03.53.12 allows authenticated attackers to execute arbitrary code via crafted 'page' parameter to the RouteStatic configuration endpoint. CVSS 7.4 with publicly available exploit code (E:P in vector). …

Remediation

Within 24 hours: Identify and inventory all Tenda CX12L devices running firmware 16.03.53.12 in your environment; restrict administrative access to RouteStatic endpoint via network segmentation or WAF rules if available. Within 7 days: Change all router administrative credentials to maximum complexity standards; isolate affected routers to dedicated management VLANs with strict access controls; contact Tenda support for firmware release timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +37

POC: 0

EUVD-2026-19543 vulnerability details – vuln.today

Back

EUVD-2026-19543

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-19543

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code