CVE-2026-15691

Tenda · BE12 Pro

A stack-based buffer overflow vulnerability in the Tenda BE12 Pro router allows for potential memory corruption.

Executive summary

A critical memory corruption vulnerability in the Tenda BE12 Pro router allows authenticated attackers to potentially execute arbitrary code.

Vulnerability

This vulnerability is caused by a stack-based buffer overflow, classified as CWE-121 and CWE-119. It requires the attacker to have low-level privileges (authenticated access) to trigger the memory corruption.

Business impact

The successful exploitation of this vulnerability could lead to a complete compromise of the router's functionality, potentially resulting in unauthorized access to the network or a total denial of service. Given the high CVSS score of 8.8, this flaw represents a significant risk to operational continuity and network security, particularly if the device serves as a primary gateway.

Remediation

Immediate Action: Monitor the official Tenda support portal for firmware releases and apply the security update as soon as a patch is issued.

Proactive Monitoring: Review device access logs for unusual administrative activity or repeated connection attempts that may indicate exploitation efforts.

Compensating Controls: Restrict administrative access to the router interface to trusted internal IP addresses only, and ensure the device is not reachable from the public internet.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations utilizing the Tenda BE12 Pro should treat this vulnerability with high priority. While a specific patch version is currently pending, administrators must implement network-level access controls immediately to mitigate the risk of exploitation by authenticated users.