UnratedPublic exploit

Stack-based Buffer Overflow in Tenda JD12L formWifiBasicSet

IdentifiersCVE-2026-13517CWE-121

CVE-2026-13517 is a remotely exploitable stack-based buffer overflow in Tenda JD12L firmware version 16.03.53.23. The flaw affects the formWifiBasicSet function exposed via the /goform/WifiBasicSet endpoint. According to the provided content, the vulnerability is triggered through manipulation of the security_5g argument, causing unsafe handling of attacker-controlled input on the stack. Successful exploitation may allow memory corruption in the affected process. A public exploit has been published.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

The vulnerability allows remote attackers to trigger stack memory corruption in the affected Tenda JD12L device. Depending on exploit reliability and runtime protections, successful exploitation could result in denial of service via process or device crash and may potentially enable arbitrary code execution in the context of the vulnerable service. The issue is described as remotely exploitable and publicly weaponized through an available exploit.

Mitigation

If you can’t patch tonight, do this now.

Restrict network access to the device management interface and specifically to the /goform/WifiBasicSet functionality so it is not reachable from untrusted networks. Limit administrative exposure to trusted hosts or management VLANs, disable remote administration if not required, and monitor for exploitation attempts targeting malformed security_5g parameters. Where patching is not possible, place the device behind ACLs/firewall rules and consider device replacement.

Remediation

Patch, then assume compromise.

Upgrade Tenda JD12L firmware from version 16.03.53.23 to a fixed release if one is available from the vendor. Apply official vendor patches or updated firmware as soon as they are released. If no patched version is currently available, track vendor advisories and replace or isolate affected devices where appropriate.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app

cvefeed high severityNews

Jun 29, 2026

CVE-2026-13517 - Tenda JD12L WifiBasicSet formWifiBasicSet stack-based overflow

A remote stack-based buffer overflow vulnerability in Tenda JD12L 16.03.53.23, affecting the formWifiBasicSet function in /goform/WifiBasicSet via the security_5g argument.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-13517

NVD

nvd.nist.gov/vuln/detail/CVE-2026-13517

MITRE CWE · CWE-121

cwe.mitre.org