CVE-2026-15691
Tenda · BE12 Pro
A stack-based buffer overflow vulnerability in the Tenda BE12 Pro router allows for potential memory corruption.
Executive summary
A critical memory corruption vulnerability in the Tenda BE12 Pro router allows authenticated attackers to potentially execute arbitrary code.
Vulnerability
This vulnerability is caused by a stack-based buffer overflow, classified as CWE-121 and CWE-119. It requires the attacker to have low-level privileges (authenticated access) to trigger the memory corruption.
Business impact
The successful exploitation of this vulnerability could lead to a complete compromise of the router's functionality, potentially resulting in unauthorized access to the network or a total denial of service. Given the high CVSS score of 8.8, this flaw represents a significant risk to operational continuity and network security, particularly if the device serves as a primary gateway.
Remediation
Immediate Action: Monitor the official Tenda support portal for firmware releases and apply the security update as soon as a patch is issued.
Proactive Monitoring: Review device access logs for unusual administrative activity or repeated connection attempts that may indicate exploitation efforts.
Compensating Controls: Restrict administrative access to the router interface to trusted internal IP addresses only, and ensure the device is not reachable from the public internet.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Organizations utilizing the Tenda BE12 Pro should treat this vulnerability with high priority. While a specific patch version is currently pending, administrators must implement network-level access controls immediately to mitigate the risk of exploitation by authenticated users.