CVE-2026-5684
Published: 06 April 2026
Summary
CVE-2026-5684 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda CX12L firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 39.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the stack-based buffer overflow by requiring timely firmware updates or patches for the affected Tenda CX12L router.
- Prevents exploitation of the buffer overflow by enforcing validation of the attacker-controllable 'page' argument in the fromwebExcptypemanFilter function (SI-10, Information Input Validation).
- Mitigates stack-based buffer overflow exploitation through memory protections such as stack canaries, non-executable stacks, and address space layout randomization (SI-16, Memory Protection).
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the router's web interface handler requires only low privileges on the local network and enables privilege escalation to full device compromise (T1068), as well as exploitation of the exposed web service (T1210).
NVD Description
A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized.
Deeper analysis
CVE-2026-5684 is a stack-based buffer overflow vulnerability affecting the Tenda CX12L router on firmware version 16.03.53.12. The flaw resides in the fromwebExcptypemanFilter function within the /goform/webExcptypemanFilter file, where manipulation of the "page" argument triggers the overflow. This issue is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.0.
Attackers with access to the local network and low privileges can exploit this vulnerability without any user interaction. Successful exploitation has high-impact consequences, including unauthorized disclosure of sensitive data, modification of system resources, and denial of service, potentially leading to full compromise of the device. An exploit has been publicly disclosed and may be utilized by adversaries.
Advisories on VulDB (vuln/355511 and related CTI) and the GitHub repository (cve-a/lvdan/issues/2) provide further details on the vulnerability. Practitioners should check the vendor site at tenda.com.cn for any available patches or firmware updates that address the issue.
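To illustrate the SI-10 control listed above (validating the 'page' argument before it reaches a fixed-size stack buffer), here is an added example in C. It is not Tenda's code and does not reproduce the real handler; the query-string layout, the 16-byte buffer, the function names and the assumption that 'page' is a decimal index are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical buffer size: the kind of fixed stack buffer a form handler
 * might copy a request parameter into (assumption, not Tenda's layout). */
#define PAGE_BUF_LEN 16

/* Copy the value of `key` from a query string such as "a=1&page=2&b=3"
 * into `out` (capacity out_len). Returns 0 on success, -1 if the key is
 * absent or the value would not fit. On -1 nothing is copied: the caller
 * rejects the request instead of receiving a silently truncated value. */
int get_query_arg(const char *query, const char *key, char *out, size_t out_len)
{
    size_t klen = strlen(key);
    const char *p = query;
    if (out_len == 0) return -1;
    out[0] = '\0';
    while (p && *p) {
        const char *amp = strchr(p, '&');
        size_t seglen = amp ? (size_t)(amp - p) : strlen(p);
        /* Match "key=" exactly, so "pages=" does not match "page". */
        if (seglen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = seglen - klen - 1;
            if (vlen >= out_len)          /* bounds check: leave room for NUL */
                return -1;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = amp ? amp + 1 : NULL;
    }
    return -1;
}

/* Hypothetical form handler: returns 1 if the request is accepted,
 * 0 if the 'page' argument is missing, oversized or not a decimal index. */
int handle_filter_page(const char *query)
{
    char page[PAGE_BUF_LEN];              /* stack buffer, never overrun */
    if (get_query_arg(query, "page", page, sizeof page) != 0)
        return 0;
    if (page[0] == '\0')
        return 0;
    for (const char *c = page; *c; c++)   /* assumed format: digits only */
        if (*c < '0' || *c > '9')
            return 0;
    return 1;
}
```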
Details
- CWE(s)