CVE-2026-5609: Tenda i12 Stack Overflow - HIGH
Platform
linux
Component
tenda
CVE-2026-5609 is a security vulnerability affecting the Tenda i12 router, specifically the function formwrlSSIDset within the /goform/wifiSSIDset component. This flaw enables a stack-based buffer overflow through manipulation of the index/wl_radio argument, potentially leading to remote code execution. The vulnerability impacts Tenda i12 devices running versions 1.0.0 through 1.0.0.11(3862), and an exploit has been publicly released, increasing the risk of exploitation. No official patch is currently available.
How to fix
Actualice el firmware de su dispositivo Tenda i12 a una versión corregida por el fabricante. Consulte el sitio web de soporte de Tenda o contacte con el soporte técnico para obtener más información sobre las actualizaciones disponibles.
Frequently asked questions
What is CVE-2026-5609?
CVE-2026-5609 is a high-severity vulnerability in the Tenda i12 router that allows a remote attacker to trigger a stack-based buffer overflow by manipulating a specific parameter. This could potentially lead to arbitrary code execution on the device.
Am I affected by CVE-2026-5609?
You are likely affected if you are using a Tenda i12 router running firmware versions 1.0.0 through 1.0.0.11(3862). Check your router's firmware version in the administration interface.
How can I fix or mitigate CVE-2026-5609?
Currently, there is no official patch available from Tenda to address this vulnerability. As a mitigation, consider isolating the affected router from the internet or implementing strict firewall rules to limit external access.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free