A vulnerability categorized as critical has been discovered in Tenda JD12L 16.03.53.23 . Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg . Such manipulation of the argument startIp leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-13515 . The attack can be launched remotely. Moreover, an exploit is present.