CVE-2026-15694
Tenda · BE12 Pro
A stack-based buffer overflow vulnerability exists in Tenda BE12 Pro firmware version 16.03.66.23, which could allow an authenticated attacker to trigger memory corruption.
Executive summary
A critical memory corruption vulnerability in the Tenda BE12 Pro router poses a significant risk of system instability or unauthorized control for authenticated users.
Vulnerability
This flaw is identified as a stack-based buffer overflow (CWE-121) leading to memory corruption (CWE-119). It requires an authenticated user with low privileges to trigger the vulnerable function.
Business impact
The potential for memory corruption on network infrastructure devices creates a high risk of service denial and potential remote code execution. The CVSS score of 8.8 highlights the critical nature of this flaw, as it allows an authenticated attacker to impact the fundamental integrity and availability of the networking hardware.
Remediation
Immediate Action: Regularly monitor the vendor support page for patch releases and apply the update to version 16.03.66.23 or newer as soon as it is provided.
Proactive Monitoring: Audit network logs for anomalous traffic patterns or unexpected administrative actions originating from low-privilege accounts.
Compensating Controls: Implement network segmentation to isolate the management interface of the router from general user traffic.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
The severity of this issue necessitates immediate attention from network administrators. Until a patch is deployed, restrict access to the device management interface to minimize the risk posed by potential attackers who have obtained low-level user credentials.