Cyber Posture

CVE-2026-5683

MediumPublic PoC

Published: 06 April 2026

Published
06 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0002 6.5th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5683 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Cx12L Firmware. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the stack-based buffer overflow flaw in the fromP2pListFilter function by identifying, reporting, and applying patches or updates to the affected Tenda CX12L firmware.

SI-10 Information Input Validation good match
prevent

Requires validation of the 'page' argument input to the /goform/P2pListFilter endpoint to ensure it matches expected format and bounds, preventing the buffer overflow manipulation.

SI-16 Memory Protection good match
prevent

Deploys memory protection mechanisms such as stack canaries or address space layout randomization to detect and prevent exploitation of the stack-based buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Stack-based buffer overflow in router web form handler (/goform/P2pListFilter) directly enables exploitation of a network-accessible application via crafted input to the 'page' parameter.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the local network.…

more

The exploit has been made public and could be used.

Deeper analysisAI

CVE-2026-5683 is a stack-based buffer overflow vulnerability affecting the Tenda CX12L router on firmware version 16.03.53.12. The flaw resides in the fromP2pListFilter function within the /goform/P2pListFilter file, where manipulation of the "page" argument triggers the overflow.

Exploitation requires an attacker with local network access (AV:A) and low privileges (PR:L), with low attack complexity and no user interaction needed (UI:N). Successful attacks can result in limited impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), earning a CVSS v3.1 base score of 5.5. The exploit has been publicly disclosed and could be used.

Advisories referenced in VulDB entries (vuln/355510) and a GitHub issue detail the vulnerability, including CTI information. The Tenda manufacturer's site (tenda.com.cn) is listed, though no specific patches or mitigations are detailed in the provided references.

Details

CWE(s)
CWE-119CWE-121

Affected Products

tenda
cx12l firmware
16.03.53.12

CVEs Like This One

CVE-2026-5684Same product: Tenda Cx12L
CVE-2025-11324Same vendor: Tenda
CVE-2025-15006Same vendor: Tenda
CVE-2025-11528Same vendor: Tenda
CVE-2026-5989Same vendor: Tenda
CVE-2026-6016Same vendor: Tenda
CVE-2026-2908Same vendor: Tenda
CVE-2025-7792Same vendor: Tenda
CVE-2025-8017Same vendor: Tenda
CVE-2026-7034Same vendor: Tenda

References