CVE Catalog

CVE-2026-13518

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

A stack-based buffer overflow vulnerability was discovered in Tenda JD12L firmware version 16.03.53.23 within the fromAddressNat function of the /goform/addressNat file. An attacker can remotely exploit this by manipulating the page argument. Exploit details have been publicly disclosed.

Risk Assessment

The risk to the organization is the potential for remote code execution by an unauthenticated attacker, which could lead to full device compromise and network integrity breach.

Recommendation

Immediately restrict access to the device management interface from external networks and contact the vendor for a firmware update.

Original NVD description (English source)

A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS