CVE-2026-15695 in BE12 Proinfo

Summary

by MITRE • 07/14/2026

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/14/2026

The vulnerability identified in Tenda BE12 Pro router firmware version 16.03.66.23 represents a critical stack-based buffer overflow flaw within the dhcp list client functionality. This security weakness exists in the specific function fromDhcpListClient located in the file /goform/DhcpListClient, which forms part of the web interface management system for the device. The vulnerability arises from improper input validation when processing the page argument parameter, creating an exploitable condition that allows attackers to manipulate memory allocation on the stack.

The technical nature of this flaw aligns with CWE-121 Stack-based Buffer Overflow, where insufficient bounds checking permits an attacker to write beyond the allocated buffer space and overwrite adjacent memory locations including return addresses and control data. This particular implementation exposes the device to remote exploitation since the vulnerable function is accessible through the web interface without requiring physical access or authentication. The attack vector operates entirely over network protocols, making it particularly dangerous as it can be executed from any location with network connectivity to the affected device.

The operational impact of this vulnerability extends beyond simple privilege escalation as it creates a potential pathway for complete system compromise. An attacker who successfully exploits this buffer overflow could gain arbitrary code execution capabilities on the router's embedded operating system, potentially enabling them to install malicious firmware, redirect traffic through the device, or use it as a pivot point for attacks against other devices within the local network. The fact that exploitation has been published and is actively available increases the risk profile significantly, as it removes the need for advanced exploitation techniques or zero-day knowledge.

The presence of this vulnerability in the management interface creates a particularly concerning threat landscape since routers serve as foundational network infrastructure components. Network administrators should immediately implement mitigations including firmware updates from Tenda if available, network segmentation to isolate critical devices, and monitoring for suspicious traffic patterns that might indicate exploitation attempts. Additionally, organizations should consider implementing intrusion detection systems that can identify attempts to access the vulnerable /goform/DhcpListClient endpoint and deploy network access controls to restrict access to administrative interfaces from untrusted networks as recommended in the mitre ATT&CK framework's network infiltration techniques.

Responsible

VulDB

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!