CVE-2026-5684:
A stack-based buffer overflow vulnerability in Tenda CX12L firmware 16.03.53.12 allows adjacent network attackers with low privileges to execute arbitrary code via manipulation of the `page` argument in the `fromwebExcptypemanFilter` function.
Score
- CVSS Base Score: 8.0 (High)
- Published Date: Apr 6, 2026
- CISA KEV Date: No Data
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.1
- EPSS Percentile: 16%
Exploitability
- Score: 2.1
- Attack Vector: ADJACENT_NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
CVE-2026-5684 affects the Tenda CX12L router (firmware version 16.03.53.12) and is classified as a stack-based buffer overflow (CWE-121) in the `fromwebExcptypemanFilter` function, reached through the `/goform/webExcptypemanFilter` endpoint. The flaw arises from missing bounds enforcement when the `page` parameter is copied into a fixed-size stack buffer, so an attacker on an adjacent network (CVSS AV:A) who already holds low privileges on the device (PR:L, i.e. access to the web interface) can overflow that buffer with an overlong value. The impact is severe: successful exploitation can yield arbitrary code execution and full control of the device, with high confidentiality, integrity, and availability impact to the vulnerable component. A public proof-of-concept is linked in the references, which materially raises the likelihood of exploitation on local networks where the device is reachable.
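The following is an added illustrative example, not code from Tenda's firmware or from the linked proof-of-concept. It reconstructs the bug class described above (an unbounded copy of the `page` query parameter into a fixed-size stack buffer) next to a bounded handler, and adds a small screening helper of the kind the monitoring advice in the Remediation section calls for. The buffer size, the sane-length threshold, the function names and the query strings are all assumptions made for the example; only the endpoint path and parameter name come from the advisory.

```c
/* Added example, not the vendor's code. Reconstructs the CWE-121 pattern
 * the advisory describes for /goform/webExcptypemanFilter (`page` parameter)
 * and contrasts it with a bounds-checked handler plus a request screener.
 * PAGE_BUF, PAGE_MAX_SANE and all function names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_BUF      64   /* assumed size of the handler's stack buffer   */
#define PAGE_MAX_SANE 16   /* assumed: a legitimate page index is far shorter */

/* Minimal query-string lookup (no URL decoding): returns a pointer to the
 * value of `key` and stores its length in *len, or NULL if absent. */
static const char *query_value(const char *query, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* Vulnerable pattern: the attacker-controlled value is copied into a
 * 64-byte stack buffer using its own length as the bound, so any value of
 * 64 bytes or more smashes the stack. Shown for contrast; never call it
 * with untrusted input. */
int handle_page_vulnerable(const char *query)
{
    char page[PAGE_BUF];
    size_t len;
    const char *v = query_value(query, "page", &len);
    if (!v) return -1;
    memcpy(page, v, len);          /* no check that len < sizeof page */
    page[len] = '\0';
    return (int)strtol(page, NULL, 10);
}

/* Hardened handler: reject values that would not fit, then validate that
 * what remains is a non-negative integer. Return codes:
 *  0 ok, -1 parameter missing, -2 value too long, -3 value not an integer. */
int handle_page_hardened(const char *query, int *page_out)
{
    char page[PAGE_BUF];
    size_t len;
    const char *v = query_value(query, "page", &len);
    if (!v) return -1;
    if (len == 0 || len >= sizeof page) return -2;   /* would overflow */
    memcpy(page, v, len);
    page[len] = '\0';
    char *end;
    long n = strtol(page, &end, 10);
    if (*end != '\0' || n < 0) return -3;
    *page_out = (int)n;
    return 0;
}

/* Screening check for traffic monitoring: 1 if the request targets the
 * vulnerable endpoint with a `page` value longer than any sane index. */
int request_is_suspicious(const char *path, const char *query)
{
    size_t len;
    if (strcmp(path, "/goform/webExcptypemanFilter") != 0) return 0;
    const char *v = query_value(query, "page", &len);
    return (v != NULL && len > PAGE_MAX_SANE) ? 1 : 0;
}

/* Constructed sample: "page=" followed by 150 'A' bytes, comfortably past
 * the assumed 64-byte buffer. */
const char *overlong_query(void)
{
    static char buf[5 + 150 + 1];
    memcpy(buf, "page=", 5);
    memset(buf + 5, 'A', 150);
    buf[5 + 150] = '\0';
    return buf;
}

int main(void)
{
    int page = -1;
    printf("benign:   rc=%d page=%d\n", handle_page_hardened("page=3&x=1", &page), page);
    printf("overlong: rc=%d\n", handle_page_hardened(overlong_query(), &page));
    printf("flagged:  %d\n", request_is_suspicious("/goform/webExcptypemanFilter", overlong_query()));
    return 0;
}
```

The hardened handler rejects on length before copying, which is the single check whose absence the advisory describes; the integer validation is an extra layer appropriate for a parameter named `page`. The screening function is deliberately crude (a raw length threshold on one endpoint) and is meant as a starting point for a passive monitor or proxy rule, not as a replacement for a vendor fix.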
Remediation
- At the time of publication, no official vendor patch has been referenced for this vulnerability. Users and administrators of the Tenda CX12L running firmware 16.03.53.12 are advised to apply the following mitigations until a fix is available:
- Restrict access to the device's administrative web interface to a dedicated management network or VLAN, and enforce network segmentation so that untrusted hosts are not adjacent to the router.
- Because the CVSS vector requires low privileges (PR:L), make sure the administrative interface does not use default or shared credentials; an attacker who cannot authenticate cannot reach the vulnerable handler.
- Disable remote (WAN-side) management where it is not required, so the `/goform/webExcptypemanFilter` endpoint is never exposed beyond the local network.
- Monitor traffic to and from the device for anomalous requests, in particular POSTs to `/goform/webExcptypemanFilter` carrying an unusually long `page` value.
- Check Tenda's official website (https://www.tenda.com.cn/) regularly for firmware updates or security advisories addressing this issue.
References
- [CVE-2026-5684 - NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2026-5684)
- [VulDB Entry 355511](https://vuldb.com/vuln/355511)
- [VulDB CTI Entry 355511](https://vuldb.com/vuln/355511/cti)
- [VulDB Submission 792781](https://vuldb.com/submit/792781)
- [Proof-of-Concept / Issue Tracking (GitHub)](https://github.com/cve-a/lvdan/issues/2)
- [Tenda Official Website](https://www.tenda.com.cn/)
- [CWE-121: Stack-Based Buffer Overflow](https://cwe.mitre.org/data/definitions/121.html)
- [CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer](https://cwe.mitre.org/data/definitions/119.html)
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.