CVE-2026-15691 in BE12 Pro
Summary
by MITRE • 07/14/2026
A security flaw has been discovered in Tenda BE12 Pro 16.03.66.23. This affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/14/2026
This vulnerability resides within the Tenda BE12 Pro router firmware version 16.03.66.23, specifically targeting the /goform/SafeClientFilter endpoint which handles client filtering functionality. The flaw manifests in the fromSafeClientFilter function where improper input validation allows attackers to manipulate the page argument parameter. This oversight creates a stack-based buffer overflow condition that can be triggered through remote exploitation, making it particularly dangerous as it does not require physical access or local network presence to compromise the device.
The technical implementation of this vulnerability follows a classic stack buffer overflow pattern where insufficient bounds checking permits an attacker to write data beyond the allocated memory space for the page argument variable. This occurs because the firmware fails to properly validate or sanitize input parameters before processing them within the vulnerable function. The attack vector is entirely remote, meaning malicious actors can exploit this weakness from outside the local network without requiring authentication or direct access to the device. The public availability of exploitation tools further amplifies the risk, as demonstrated by the release of working exploits that can be readily deployed by threat actors.
The operational impact of this vulnerability extends beyond simple device compromise, as it can lead to complete system takeover and persistent access for attackers. Once exploited, the buffer overflow allows for arbitrary code execution, potentially enabling attackers to install backdoors, modify network configurations, or establish persistent command and control channels. The router's role as a central network gateway makes this particularly concerning from a security perspective, as compromise of the device can provide attackers with privileged access to all connected devices within the local network segment. This vulnerability directly maps to CWE-121 Stack-based Buffer Overflow and aligns with ATT&CK technique T1059.007 for Command and Scripting Interpreter, as successful exploitation would enable remote command execution capabilities.
Mitigation strategies should focus on immediate firmware updates from Tenda to address the identified buffer overflow vulnerability, while network administrators should implement strict firewall rules to restrict access to the affected endpoint and monitor for unusual traffic patterns. Additional protective measures include network segmentation to limit lateral movement, regular security audits of network infrastructure, and implementation of intrusion detection systems that can identify exploitation attempts targeting known vulnerabilities. Organizations should also consider deploying network access control measures and ensuring that all network devices maintain current firmware versions to prevent similar vulnerabilities from being exploited in their environments.