Stack-Based Buffer Overflow in Tenda JD12L Router

Impact Analysis

This vulnerability can have serious impacts including Denial of Service (DoS) by crashing the router's web server, arbitrary code execution allowing attackers to take control of the device, and potential information leakage from the device's memory.

An attacker exploiting this vulnerability could monitor network traffic, manipulate router functions, or use the compromised router as a pivot point to attack other devices on the network.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-13518 is a stack-based buffer overflow vulnerability found in the Tenda JD12L Pro router firmware version 16.03.53.23. It occurs in the fromAddressNat function within the /goform/addressNat endpoint, where the user-controlled 'page' parameter is processed using the unsafe sprintf function without proper length validation.

Because the buffer used to store this input is fixed at 256 bytes, sending input larger than this size can overwrite adjacent memory. This can lead to application crashes, memory corruption, or arbitrary code execution.

The vulnerability can be exploited remotely without authentication by sending a specially crafted POST request with an oversized 'page' parameter, potentially allowing attackers to crash the device or execute malicious code.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by sending a specially crafted POST request to the /goform/addressNat endpoint of the Tenda JD12L Pro router running firmware version V16.03.53.23. The request should include an oversized 'page' parameter (e.g., 2048 bytes) which triggers the buffer overflow.

A practical detection method is to use a command-line tool like curl or a Python script to send this POST request and observe if the device crashes or behaves abnormally, indicating the presence of the vulnerability.

• Example curl command to test the vulnerability: curl -X POST -d "page=$(python3 -c 'print("A"*2048)')" http://<router-ip>/goform/addressNat
• Alternatively, use a Python script to send a POST request with a large 'page' parameter to check for crashes or unexpected behavior.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include avoiding exposure of the vulnerable endpoint to untrusted networks and restricting access to the router's management interface.

If possible, update the router firmware to a version where the vulnerability is fixed by replacing unsafe functions like sprintf with safer alternatives such as snprintf, implementing strict input length checks, and validating user input.

In the absence of an official patch, consider disabling remote management features or isolating the device within a secure network segment to reduce the risk of exploitation.

Additionally, monitor the device for unusual behavior such as crashes or unexpected reboots, which may indicate exploitation attempts.

Useful 0 Not Useful 0