Skip to main content

Tenda BE12 Pro CVE-2026-15692

| EUVDEUVD-2026-43667 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-14 VulDB GHSA-cxw3-26xc-7ppc
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Remotely reachable web endpoint (AV:N/AC:L) requiring a low-privilege authenticated session (PR:L), no user interaction; root-level httpd overflow yields full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jul 14, 2026 - 13:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 13:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 13:22 NVD
8.7 (HIGH) 7.4 (HIGH)
Analysis Generated
Jul 14, 2026 - 13:00 vuln.today
CVE Published
Jul 14, 2026 - 12:30 cve.org
HIGH 8.7

DescriptionCVE.org

A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Stack-based buffer overflow in the Tenda BE12 Pro router firmware 16.03.66.23 lets an authenticated remote attacker corrupt memory via the fromSafeUrlFilter handler at /goform/SafeUrlFilter by supplying an oversized 'page' parameter. Publicly available exploit code exists (published via VulDB), though the flaw is not listed in CISA KEV and no active exploitation has been confirmed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach router web interface
Delivery
Authenticate with low-privilege/default credentials
Exploit
POST oversized 'page' to /goform/SafeUrlFilter
Execution
Overflow stack buffer in fromSafeUrlFilter
Persist
Overwrite saved return address
Impact
Execute code as root or crash httpd

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the router's HTTP management service and a low-privilege authenticated session (CVSS PR:L), then a single request to the /goform/SafeUrlFilter endpoint invoking the fromSafeUrlFilter function with an overlong 'page' parameter - this specific endpoint and parameter ARE the trigger condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-style CVSS 4.0 score is 7.4 (High) with AV:N/AC:L/AT:N/PR:L/UI:N and VC:H/VI:H/VA:H, meaning remote reachability, low complexity, no user interaction, but a requirement for low-level authentication (an existing session or valid credentials on the web UI). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the router's web interface and holds (or obtains via default/weak credentials) a low-privilege session sends a crafted POST to /goform/SafeUrlFilter with an oversized 'page' argument, overflowing the stack buffer in fromSafeUrlFilter. This overwrites the saved return address to hijack execution as root or crash the httpd daemon, and a public proof-of-concept demonstrating the overflow is already available on GitHub.
Remediation No vendor-released patch identified at time of analysis - the references point only to the VulDB disclosure and a public GitHub PoC, not a fixed firmware release, so no exact fix version can be cited. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, restrict administrative access to affected Tenda BE12 Pro routers to trusted internal IP ranges only and audit recent authentication logs for anomalous activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15692 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy