CVE-2026-15693

Tenda · BE12 Pro

A stack-based buffer overflow vulnerability exists in Tenda BE12 Pro firmware version 16.03.66.23, which could allow an authenticated attacker to trigger memory corruption.

Executive summary

A memory corruption vulnerability in the Tenda BE12 Pro router presents a high risk of system compromise for authenticated users.

Vulnerability

This vulnerability involves a stack-based buffer overflow (CWE-121) and subsequent memory corruption (CWE-119). It is exploitable by an authenticated user with low privileges.

Business impact

Exploitation of this memory corruption vulnerability could result in unauthorized administrative control or severe service disruption. The CVSS score of 8.8 reflects the high danger associated with such flaws in networking equipment, as they can lead to the loss of control over critical infrastructure components.

Remediation

Immediate Action: Check the Tenda website for official firmware updates and apply the latest security patches once released.

Proactive Monitoring: Review security logs for indicators of memory corruption, such as recurring process crashes or unexpected service restarts.

Compensating Controls: Configure access control lists to limit administrative access to the router to trusted, secure internal workstations.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Due to the high severity and the presence of a proof-of-concept, it is imperative to mitigate this risk. Ensure that all firmware is kept up to date and that account security policies are strictly enforced to prevent low-privilege users from gaining the access required to trigger this vulnerability.