Skip to main content

Tenda JD12L EUVDEUVD-2026-40014

| CVE-2026-13517 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-29 VulDB GHSA-38gh-hfgh-77mp
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable management endpoint (AV:N) with low complexity, but the web UI requires at least low-privilege authentication (PR:L); a stack overflow on a mitigation-free router yields full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jun 29, 2026 - 01:29 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 29, 2026 - 01:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 29, 2026 - 01:22 vuln.today
cvss_changed
CVSS changed
Jun 29, 2026 - 01:22 NVD
8.7 (HIGH) 7.4 (HIGH)
Analysis Generated
Jun 29, 2026 - 00:42 vuln.today

DescriptionCVE.org

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Reach router web interface (LAN or exposed WAN)
Delivery
Authenticate with low-privilege/default credentials
Exploit
Send crafted POST to /goform/WifiBasicSet
Install
Overflow stack via oversized security_5g
C2
Overwrite saved return address
Execute
Execute payload or crash httpd
Impact
Gain control of router or cause denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires sending a manipulated security_5g parameter to the formWifiBasicSet function via the /goform/WifiBasicSet endpoint of the JD12L web management interface, and per the CVSS 4.0 vector it requires PR:L - a low-privilege authenticated session to that interface - so the attacker must reach the HTTP management service and possess at least limited valid credentials (or exploit default/weak credentials). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 base score is 7.4 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N and high confidentiality, integrity, and availability impact to the vulnerable system (VC:H/VI:H/VA:H), with no subsequent-system impact (SC/SI/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the router's web interface - for example a user on the local network who has obtained or guessed valid management credentials, or who is leveraging a default password - sends a crafted POST request to /goform/WifiBasicSet with an oversized security_5g value. The overflow overwrites the stack return address, crashing the httpd service (denial of service) or, with a tailored payload on a mitigation-free embedded target, executing attacker-supplied code with the router's privileges. …
Remediation No vendor-released patch identified at time of analysis; Tenda had not published a fixed firmware version in the provided data, and JD12L-class devices are frequently slow to receive or never receive security updates. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Conduct immediate inventory of all Tenda JD12L devices; document current firmware versions and network location; restrict administrative access through firewall rules and disable unnecessary remote management services. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy