PatchSiren cyber security CVE debrief
CVE-2026-11504 Tenda CVE debrief
A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
- Vendor
- Tenda
- Product
- CX12L
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of Tenda CX12L 16.03.53.12 should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is a stack-based buffer overflow in the setSchedWifi function of /goform/openSchedWifi. This occurs when the schedStartTime and schedEndTime arguments are manipulated.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the Wi-Fi Schedule Configuration Endpoint.
- Monitor network traffic for suspicious activity.
Evidence notes
The CVE record and details were obtained from official sources.
Official resources
CVE-2026-11504 was published on 2026-06-08T12:16:30.580Z and modified on 2026-06-08T14:57:14.757Z.