Vulnerabilities ›

CVE-2026-5687

High

CWE-119 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 13, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

🤖 AI Executive Summary

A critical stack-based buffer overflow vulnerability exists in Tenda CX12L router firmware version 16.03.53.12 affecting the NatStaticSetting function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the 'page' parameter, with a CVSS score of 8.8. No patch is currently available, making immediate mitigation essential for Saudi organizations relying on this router model.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 20:17

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi telecommunications providers (STC, Mobily, Zain), government agencies using Tenda routers for network infrastructure, and small-to-medium enterprises. Banking sector organizations using these routers for branch connectivity face elevated risk of network compromise. Healthcare facilities and ARAMCO-affiliated operations utilizing this equipment could experience service disruption and data exfiltration. The lack of available patches increases exposure window for critical infrastructure sectors regulated by NCA and SAMA.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Government Agencies Banking and Financial Services Healthcare Energy (ARAMCO) Small and Medium Enterprises Education

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1133 - External Remote Services T1059 - Command and Scripting Interpreter T1047 - Windows Management Instrumentation T1543 - Create or Modify System Process

⚖️ Saudi Risk Score (AI)

8.5

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Tenda CX12L devices running firmware 16.03.53.12 in your network using network scanning tools

2. Isolate affected devices from critical network segments if possible

3. Implement network segmentation to restrict access to the router's web interface (port 80/443)

4. Disable remote management features on affected routers

5. Monitor for suspicious access attempts to /goform/NatStaticSetting endpoint



COMPENSATING CONTROLS:

6. Deploy WAF rules to block requests with suspicious 'page' parameter values

7. Implement strict input validation at network perimeter

8. Enable detailed logging on affected devices and forward logs to SIEM

9. Restrict administrative access to router management interfaces via IP whitelisting

10. Consider replacing affected devices with patched alternatives from Tenda or alternative vendors



DETECTION RULES:

11. Monitor for POST requests to /goform/NatStaticSetting with oversized 'page' parameters

12. Alert on any successful code execution attempts from router management interfaces

13. Track firmware version compliance across network inventory

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Tenda CX12L التي تعمل بالإصدار 16.03.53.12 في شبكتك باستخدام أدوات المسح

2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إن أمكن

3. تطبيق تقسيم الشبكة لتقييد الوصول إلى واجهة الويب للموجه (المنفذ 80/443)

4. تعطيل ميزات الإدارة البعيدة على الأجهزة المتأثرة

5. مراقبة محاولات الوصول المريبة إلى نقطة النهاية /goform/NatStaticSetting

الضوابط التعويضية:

6. نشر قواعد WAF لحجب الطلبات ذات قيم معامل 'page' المريبة

7. تطبيق التحقق الصارم من صحة المدخلات على محيط الشبكة

8. تفعيل التسجيل التفصيلي على الأجهزة المتأثرة وإعادة توجيه السجلات إلى SIEM

9. تقييد الوصول الإداري إلى واجهات إدارة الموجه عبر القائمة البيضاء للعناوين

10. النظر في استبدال الأجهزة المتأثرة بدائل معدلة من Tenda أو بائعين آخرين

قواعد الكشف:

11. مراقبة طلبات POST إلى /goform/NatStaticSetting بمعاملات 'page' كبيرة الحجم

12. التنبيه على أي محاولات تنفيذ أكواد ناجحة من واجهات إدارة الموجه

13. تتبع امتثال إصدار البرنامج الثابت عبر جرد الشبكة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of network access

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Asset management and inventory SAMA CSF PR.IP-12 - Security patch management SAMA CSF DE.CM-1 - Detection and monitoring systems

🟡 ISO 27001:2022

ISO 27001:2022 A.12.2.1 - Monitoring and logging ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Secure development and change management

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patch management PCI DSS 11.2 - Vulnerability scanning and assessment

🔗 References & Sources 5

🔗

https://github.com/cve-a/lvdan/issues/5

cna@vuldb.com

🔗

https://vuldb.com/submit/792785

cna@vuldb.com

🔗

https://vuldb.com/vuln/355514

cna@vuldb.com

🔗

https://vuldb.com/vuln/355514/cti

cna@vuldb.com

🔗

https://www.tenda.com.cn/

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

8.5

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5687

💬 Comments

Introduce Yourself

Sign In Required