Platform
tenda
Component
tenda
CVE-2026-5687 describes a stack-based buffer overflow vulnerability found in the Tenda CX12L Router. This flaw resides within the function fromNatStaticSetting of the /goform/NatStaticSetting file, allowing attackers to manipulate arguments and potentially trigger a crash or gain unauthorized access. The vulnerability affects firmware version 16.03.53.12–16.03.53.12 and a public exploit is available, increasing the risk of exploitation. No official patch has been released at the time of publication.
A critical vulnerability has been identified in the Tenda CX12L router, version 16.03.53.12, tracked as CVE-2026-5687. This security flaw resides within the fromNatStaticSetting function in the /goform/NatStaticSetting file and manifests as a stack-based buffer overflow. The vulnerability is rated with a CVSS score of 8.8, indicating a high level of severity. The concerning aspect is that exploitation of this vulnerability can be initiated remotely, meaning an attacker from anywhere on the network can potentially exploit it. The public availability of the exploit further exacerbates the situation, significantly increasing the likelihood of targeted attacks against vulnerable devices. The lack of an official fix (fix: none) from Tenda necessitates immediate action by users to mitigate the risk.
The exploit for CVE-2026-5687 has been made public, making it easier for attackers with varying levels of technical skill to utilize it. The vulnerability lies within the fromNatStaticSetting function of the /goform/NatStaticSetting file, which manages Network Address Translation (NAT) configuration. An attacker can manipulate the arguments sent to this function to trigger a buffer overflow, potentially allowing for arbitrary code execution on the router. The remote nature of the exploitation means attackers do not need physical access to the device. The exploit's availability on the web significantly increases the risk of automated and targeted attacks. Network administrators are advised to take immediate action to protect their networks.
Exploit Status
EPSS
0.05% (15% percentile)
CISA SSVC
Given that Tenda has not provided a security update (fix: none) for CVE-2026-5687, mitigation options are limited but crucial. The primary recommendation is to isolate the vulnerable Tenda CX12L router from the public network, if possible. This involves avoiding exposing the router directly to the internet. If the router is essential for connectivity, implementing strict firewall rules to restrict access to the fromNatStaticSetting function is recommended. Actively monitoring network traffic for suspicious patterns can also help detect exploitation attempts. Considering replacing the router with a more recent model with updated security support is the safest long-term solution. The lack of an official fix underscores the importance of maintaining a network device inventory and regularly assessing security risks.
Actualice el firmware del router Tenda CX12L a una versión corregida. Consulte el sitio web del fabricante o la documentación del producto para obtener instrucciones sobre cómo actualizar el firmware. Esta vulnerabilidad permite la ejecución remota de código, por lo que es crucial aplicar la actualización lo antes posible.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for a specific security vulnerability in the Tenda CX12L router.
It's a type of programming error that can allow an attacker to execute malicious code on a device.
Isolate the router from the internet and consider replacing it with a more secure model.
Currently, no update is available (fix: none).
Implement strict firewall rules, monitor network traffic, and consider a more secure router.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.