Skip to main content

Jd12L

3 CVEs product

Monthly

CVE-2026-13519 HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory via the 'page' parameter handled by the fromNatStaticSetting function at the /goform/NatStaticSetting endpoint. Publicly available exploit code exists, and the CVSS 4.0 vector (PR:L) indicates an authenticated user on the device's web interface can trigger high confidentiality, integrity and availability impact. There is no public exploit identified as actively used in the wild - exploitation is proof-of-concept only at this time.

Buffer Overflow Tenda Stack Overflow Jd12L
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13518 HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets a remote attacker corrupt memory by manipulating the 'page' parameter handled by the fromAddressNat function at the /goform/addressNat endpoint, potentially achieving code execution or device crash. Publicly available exploit code exists and the issue was disclosed by VulDB, though there is no public exploit identified as actively exploited in the wild. With a CVSS 4.0 base score of 7.4 and PR:L, exploitation requires some level of authenticated access to the web management interface.

Buffer Overflow Tenda Stack Overflow Jd12L
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13517 HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. There is no public exploit identified as actively exploited in CISA KEV, and the EPSS score was not provided.

Buffer Overflow Tenda Stack Overflow Jd12L
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory via the 'page' parameter handled by the fromNatStaticSetting function at the /goform/NatStaticSetting endpoint. Publicly available exploit code exists, and the CVSS 4.0 vector (PR:L) indicates an authenticated user on the device's web interface can trigger high confidentiality, integrity and availability impact. There is no public exploit identified as actively used in the wild - exploitation is proof-of-concept only at this time.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets a remote attacker corrupt memory by manipulating the 'page' parameter handled by the fromAddressNat function at the /goform/addressNat endpoint, potentially achieving code execution or device crash. Publicly available exploit code exists and the issue was disclosed by VulDB, though there is no public exploit identified as actively exploited in the wild. With a CVSS 4.0 base score of 7.4 and PR:L, exploitation requires some level of authenticated access to the web management interface.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. There is no public exploit identified as actively exploited in CISA KEV, and the EPSS score was not provided.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy