Skip to main content

Tenda BE12 Pro CVE-2026-15693

| EUVDEUVD-2026-43677 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-14 VulDB GHSA-5w66-g5mr-5v9h
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable low-complexity overflow needing a low-privilege web-admin session (PR:L); memory-corruption on the device gives high C/I/A with no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jul 14, 2026 - 14:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 14:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 14:22 NVD
8.7 (HIGH) 7.4 (HIGH)
Analysis Generated
Jul 14, 2026 - 14:15 vuln.today
CVE Published
Jul 14, 2026 - 13:15 cve.org
HIGH 8.7

DescriptionCVE.org

A security vulnerability has been detected in Tenda BE12 Pro 16.03.66.23. This issue affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets remote attackers corrupt memory by manipulating the 'page' argument of the fromSafeMacFilter handler at /goform/SafeMacFilter. Publicly available exploit code exists, though there is no public exploit identified as being used in active campaigns and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach router web UI with low-priv session
Delivery
Send crafted request to /goform/SafeMacFilter
Exploit
Overflow stack buffer via oversized 'page'
Execution
Overwrite saved return address
Impact
Crash device or execute code on embedded OS

Vulnerability AssessmentAI

Exploitation Exploitation requires reaching the router's HTTP management interface and invoking the fromSafeMacFilter handler at /goform/SafeMacFilter with a manipulated 'page' argument; the CVSS vector's PR:L means a low-privilege authenticated session on the management UI is required, and UI:N means no victim interaction is needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N, VC:H/VI:H/VA:H, base 7.4, E:P) indicates a network-reachable, low-complexity attack requiring some level of authentication (PR:L) and no user interaction, with high impact to confidentiality, integrity, and availability of the vulnerable system but no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the router's web interface (for example an authenticated user on the LAN, or via an internet-exposed management port if WAN management is enabled) sends a crafted HTTP request to /goform/SafeMacFilter with an oversized 'page' parameter. The overlong value overflows a fixed stack buffer in fromSafeMacFilter, overwriting the return address; given low attack complexity and a publicly available POC, this reliably crashes the device and may be developed into remote code execution on the embedded OS.
Remediation No vendor-released patch identified at time of analysis - no fixed firmware version is cited in the source data, so monitor Tenda (https://www.tenda.com.cn/) and the VulDB entry (https://vuldb.com/vuln/378240) for an updated build and apply it once released. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Tenda BE12 Pro routers in production and document firmware versions; restrict access to router management interfaces (HTTP/HTTPS) to authorized administrative networks only using firewall rules. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15693 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy