Which versions of Tenda CX12L are affected by EUVD-2026-28529?

Tenda CX12L routers running firmware 16.03.53.12 contain a stack-based buffer overflow in the PPTP configuration interface that permits authenticated attackers to gain complete system control.

Is there a public PoC exploit available for EUVD-2026-28529?

Yes, a public proof-of-concept exploit is available for EUVD-2026-28529. Prioritise patching immediately. EPSS: 0.0%.

Tenda CX12L EUVD-2026-28529

Q: What is the CVSS score of EUVD-2026-28529?

EUVD-2026-28529 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8138 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-08 VulDB

GHSA-v5fc-fw74-r356

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 08, 2026 - 05:31 vuln.today

CVSS changed

May 08, 2026 - 05:22 NVD

8.8 (HIGH) 7.4 (HIGH)

CVE Published

May 08, 2026 - 04:15 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. …

RemediationAI

Within 24 hours: inventory all Tenda CX12L routers in your environment and document firmware versions currently deployed. Within 7 days: immediately isolate any CX12L devices running firmware 16.03.53.12 from untrusted networks and restrict administrative access to authorized personnel only; change all default and shared administrative credentials. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28529 vulnerability details – vuln.today

Back

Tenda CX12L EUVD-2026-28529

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CX12L EUVD-2026-28529

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code