CVE-2026-15696

Tenda · BE12 Pro

A stack-based buffer overflow vulnerability exists in Tenda BE12 Pro firmware version 16.03.66.23, which could allow an authenticated attacker to trigger memory corruption.

Executive summary

A memory corruption vulnerability in the Tenda BE12 Pro router presents a high risk of system compromise for authenticated users.

Vulnerability

This is a stack-based buffer overflow (CWE-121) resulting in memory corruption (CWE-119). The vulnerability is reachable by an attacker with low privileges (PR:L) over the network.

Business impact

Successful exploitation of this memory corruption flaw can lead to a complete compromise of the router, causing service disruption or potential unauthorized access to network traffic. With a CVSS score of 8.8, this vulnerability is classified as high severity, reflecting the potential for total loss of confidentiality, integrity, and availability of the affected device.

Remediation

Immediate Action: Check the Tenda official support portal for firmware updates addressing this vulnerability and apply them immediately.

Proactive Monitoring: Monitor system logs for unauthorized configuration changes or unexpected device reboots, which may indicate exploitation attempts.

Compensating Controls: Restrict management interface access to trusted internal IP addresses and disable remote management features to reduce the attack surface.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Given the high CVSS score and the existence of a proof-of-concept, users must prioritize securing their Tenda BE12 Pro devices. Apply the latest firmware updates as soon as they become available and ensure that administrative access to the device is restricted to authorized personnel only.