Skip to main content

Be12 Pro

6 CVEs product

Monthly

CVE-2026-15696 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) allows remote attackers to corrupt memory via the fromVirtualSer handler for the /goform/VirtualSer endpoint by supplying an oversized 'page' argument. The flaw carries CVSS 4.0 7.4 and, per its vector, requires low-level privileges (PR:L); publicly available exploit code exists, though there is no public exploit identified as actively used in the wild (not in CISA KEV). Successful exploitation can crash the device or potentially lead to arbitrary code execution on the embedded MIPS/ARM firmware.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15695 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15694 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipulating the 'page' argument passed to the fromSetIpBind function of the /goform/SetIpBind endpoint. The flaw is remotely reachable over the network and, per the CVSS 4.0 vector, requires low-level privileges (PR:L) while yielding high confidentiality, integrity, and availability impact - typically resulting in device crash or arbitrary code execution on the router. Publicly available exploit code exists (E:P), disclosed via VulDB, though it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15693 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets remote attackers corrupt memory by manipulating the 'page' argument of the fromSafeMacFilter handler at /goform/SafeMacFilter. Publicly available exploit code exists, though there is no public exploit identified as being used in active campaigns and it is not listed in CISA KEV. Successful exploitation can crash the device or potentially achieve code execution on the router's embedded OS. EPSS data was not provided.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-15692 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router firmware 16.03.66.23 lets an authenticated remote attacker corrupt memory via the fromSafeUrlFilter handler at /goform/SafeUrlFilter by supplying an oversized 'page' parameter. Publicly available exploit code exists (published via VulDB), though the flaw is not listed in CISA KEV and no active exploitation has been confirmed. The CVSS 4.0 vector (7.4, PR:L) indicates network reachability with low-privilege authentication and high impact to confidentiality, integrity, and availability of the device.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15691 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro (firmware 16.03.66.23) web management interface lets an attacker corrupt memory by supplying an oversized 'page' argument to the fromSafeClientFilter handler at /goform/SafeClientFilter, potentially crashing the device or executing arbitrary code with router privileges. Per the CVSS 4.0 vector the flaw is network-reachable but requires low-level privileges (PR:L). Publicly available exploit code exists (disclosed via VulDB), but there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) allows remote attackers to corrupt memory via the fromVirtualSer handler for the /goform/VirtualSer endpoint by supplying an oversized 'page' argument. The flaw carries CVSS 4.0 7.4 and, per its vector, requires low-level privileges (PR:L); publicly available exploit code exists, though there is no public exploit identified as actively used in the wild (not in CISA KEV). Successful exploitation can crash the device or potentially lead to arbitrary code execution on the embedded MIPS/ARM firmware.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipulating the 'page' argument passed to the fromSetIpBind function of the /goform/SetIpBind endpoint. The flaw is remotely reachable over the network and, per the CVSS 4.0 vector, requires low-level privileges (PR:L) while yielding high confidentiality, integrity, and availability impact - typically resulting in device crash or arbitrary code execution on the router. Publicly available exploit code exists (E:P), disclosed via VulDB, though it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets remote attackers corrupt memory by manipulating the 'page' argument of the fromSafeMacFilter handler at /goform/SafeMacFilter. Publicly available exploit code exists, though there is no public exploit identified as being used in active campaigns and it is not listed in CISA KEV. Successful exploitation can crash the device or potentially achieve code execution on the router's embedded OS. EPSS data was not provided.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router firmware 16.03.66.23 lets an authenticated remote attacker corrupt memory via the fromSafeUrlFilter handler at /goform/SafeUrlFilter by supplying an oversized 'page' parameter. Publicly available exploit code exists (published via VulDB), though the flaw is not listed in CISA KEV and no active exploitation has been confirmed. The CVSS 4.0 vector (7.4, PR:L) indicates network reachability with low-privilege authentication and high impact to confidentiality, integrity, and availability of the device.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro (firmware 16.03.66.23) web management interface lets an attacker corrupt memory by supplying an oversized 'page' argument to the fromSafeClientFilter handler at /goform/SafeClientFilter, potentially crashing the device or executing arbitrary code with router privileges. Per the CVSS 4.0 vector the flaw is network-reachable but requires low-level privileges (PR:L). Publicly available exploit code exists (disclosed via VulDB), but there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy