CVE-2026-13515

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published Jun 29, 2026

Vendor unknown

Description

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

References

https://github.com/cve-a/Vampirensa/issues/1
https://vuldb.com/cve/CVE-2026-13515
https://vuldb.com/submit/838885
https://vuldb.com/vuln/374523
https://vuldb.com/vuln/374523/cti