Skip to main content

Tenda BE12 Pro CVE-2026-15694

| EUVDEUVD-2026-43680 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-14 VulDB GHSA-r3cq-fh59-3m7p
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable goform endpoint with low complexity, but the management interface requires low-privilege authentication (PR:L); memory-corruption RCE yields full C/I/A impact on the device.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jul 14, 2026 - 15:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 15:22 NVD
8.7 (HIGH) 7.4 (HIGH)
Analysis Generated
Jul 14, 2026 - 14:45 vuln.today
CVE Published
Jul 14, 2026 - 14:15 cve.org
HIGH 8.7

DescriptionCVE.org

A vulnerability was detected in Tenda BE12 Pro 16.03.66.23. Impacted is the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

AnalysisAI

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipulating the 'page' argument passed to the fromSetIpBind function of the /goform/SetIpBind endpoint. The flaw is remotely reachable over the network and, per the CVSS 4.0 vector, requires low-level privileges (PR:L) while yielding high confidentiality, integrity, and availability impact - typically resulting in device crash or arbitrary code execution on the router. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach router web management interface
Delivery
Authenticate with low-privilege/admin access
Exploit
Send crafted request to /goform/SetIpBind with oversized 'page'
Execution
Overflow stack buffer in fromSetIpBind
Persist
Overwrite return address / execute code
Impact
Gain control of router or crash service

Vulnerability AssessmentAI

Exploitation Exploitation requires reaching the /goform/SetIpBind endpoint on a Tenda BE12 Pro (firmware 16.03.66.23) and supplying an oversized value in the 'page' argument to trigger the fromSetIpBind stack overflow. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the router's web interface (e.g., via the LAN, a weak/default admin credential, or an exposed management port) sends a crafted request to /goform/SetIpBind with an oversized 'page' parameter, overflowing the stack buffer in fromSetIpBind. This crashes the management daemon (denial of service) or, given the typically weak mitigations on embedded firmware, is leveraged to execute attacker-controlled code on the device. …
Remediation No vendor-released patch identified at time of analysis - Tenda has not published a fixed firmware version in the provided data, so monitor https://www.tenda.com.cn/ for a firmware update superseding 16.03.66.23 and apply it once released. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit all network inventory to identify and document Tenda BE12 Pro routers currently deployed, with specific attention to those running firmware version 16.03.66.23. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15694 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy