CVE-2026-15692 in BE12 Pro
Summary
by MITRE • 07/14/2026
A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/14/2026
The vulnerability in Tenda BE12 Pro 16.03.66.23 resides within the SafeUrlFilter functionality of the device's web interface, specifically in the fromSafeUrlFilter function located at /goform/SafeUrlFilter. This weakness represents a critical security flaw that allows remote attackers to manipulate the page argument parameter and subsequently trigger a stack-based buffer overflow condition. The affected device operates with a web-based management interface that processes user input through the vulnerable function, creating an attack surface that can be exploited without requiring physical access or local privileges.
The technical implementation of this vulnerability stems from inadequate input validation within the SafeUrlFilter function, which fails to properly sanitize or limit the length of the page parameter before processing it in memory. When an attacker supplies a maliciously crafted page argument exceeding the allocated buffer size on the stack, the excess data overflows into adjacent memory locations, potentially corrupting program execution flow and allowing arbitrary code execution. This type of vulnerability falls under the Common Weakness Enumeration category CWE-121, which specifically addresses stack-based buffer overflow conditions that occur when insufficient bounds checking is performed on buffer operations.
The operational impact of this vulnerability extends beyond simple remote code execution to encompass a broad range of potential attacks against network infrastructure. Attackers can leverage this weakness to gain unauthorized access to the device's administrative interface, potentially leading to complete compromise of the router's network configuration and control over all connected devices. The public availability of exploits for this vulnerability significantly increases the risk profile, as it removes the requirement for advanced technical skills or specialized tools to conduct attacks against affected devices in the wild. This makes the vulnerability particularly dangerous in enterprise environments where multiple devices may be simultaneously exposed to attack.
Mitigation strategies should prioritize immediate firmware updates from Tenda to address the identified buffer overflow issue through proper input validation and bounds checking mechanisms. Network administrators should implement additional protective measures including firewall rules that restrict access to the device's management interface, network segmentation to isolate affected routers, and monitoring for suspicious traffic patterns that may indicate exploitation attempts. The vulnerability aligns with ATT&CK technique T1210 which describes exploitation of remote services through buffer overflow attacks, emphasizing the need for comprehensive defensive measures including regular security assessments, network intrusion detection systems, and endpoint protection solutions. Organizations should also consider implementing zero-trust network architectures that minimize the attack surface by limiting access to critical network infrastructure based on strict authentication and authorization policies rather than relying solely on perimeter-based security controls.