Skip to main content

Tenda BE12 Pro CVE-2026-15695

| EUVDEUVD-2026-43686 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-14 VulDB GHSA-g3hf-vcqh-qj2p
7.4
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable goform endpoint with low complexity; PR:L reflects the authenticated access stated in the vector; a stack overflow plausibly yields full RCE, so C/I/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 14, 2026 - 15:32 vuln.today
CVSS changed
Jul 14, 2026 - 15:22 NVD
8.7 (HIGH) 7.4 (HIGH)
CVE Published
Jul 14, 2026 - 14:30 cve.org
HIGH 7.4

DescriptionCVE.org

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach router web interface with low-priv access
Delivery
Send crafted /goform/DhcpListClient request
Exploit
Overflow 'page' argument into stack buffer
Execution
Overwrite saved return address
Persist
Crash device or execute code
Impact
Gain control of router

Vulnerability AssessmentAI

Exploitation Exploitation requires the ability to send an HTTP request with an attacker-controlled 'page' parameter to the /goform/DhcpListClient endpoint of the fromDhcpListClient handler on a Tenda BE12 Pro running firmware 16.03.66.23. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and should be weighted carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the router's web interface - or, if the endpoint is exposed to the WAN or an adjacent network, a remote attacker who reaches it - sends a crafted HTTP request to /goform/DhcpListClient with an oversized 'page' argument. This overflows a stack buffer in fromDhcpListClient, crashing the router (DoS) or, given published POC code and typical SOHO mitigation gaps, potentially executing attacker-supplied code to take control of the device.
Remediation No vendor-released patch identified at time of analysis; no fixed firmware version is cited in the available data, so monitor https://www.tenda.com.cn/ for a firmware update for the BE12 Pro superseding 16.03.66.23 and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit your network inventory to identify all Tenda BE12 Pro routers and verify their firmware versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15695 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy