Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable goform endpoint with low complexity; PR:L reflects the authenticated access stated in the vector; a stack overflow plausibly yields full RCE, so C/I/A:H.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
AnalysisAI
Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the ability to send an HTTP request with an attacker-controlled 'page' parameter to the /goform/DhcpListClient endpoint of the fromDhcpListClient handler on a Tenda BE12 Pro running firmware 16.03.66.23. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and should be weighted carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privilege access to the router's web interface - or, if the endpoint is exposed to the WAN or an adjacent network, a remote attacker who reaches it - sends a crafted HTTP request to /goform/DhcpListClient with an oversized 'page' argument. This overflows a stack buffer in fromDhcpListClient, crashing the router (DoS) or, given published POC code and typical SOHO mitigation gaps, potentially executing attacker-supplied code to take control of the device. |
| Remediation | No vendor-released patch identified at time of analysis; no fixed firmware version is cited in the available data, so monitor https://www.tenda.com.cn/ for a firmware update for the BE12 Pro superseding 16.03.66.23 and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit your network inventory to identify all Tenda BE12 Pro routers and verify their firmware versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) allows remote attackers to corrupt memor
Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipul
Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets remote attackers corrupt memo
Stack-based buffer overflow in the Tenda BE12 Pro router firmware 16.03.66.23 lets an authenticated remote attacker corr
Stack-based buffer overflow in the Tenda BE12 Pro (firmware 16.03.66.23) web management interface lets an attacker corru
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43686
GHSA-g3hf-vcqh-qj2p