CVE-2026-15696 in BE12 Proinfo

Summary

by MITRE • 07/14/2026

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/14/2026

The vulnerability identified in Tenda BE12 Pro firmware version 16.03.66.23 represents a critical stack-based buffer overflow condition within the device's web interface management system. This flaw resides in the fromVirtualSer function located within the /goform/VirtualSer file, which serves as a crucial component for handling virtual server configurations through the device's graphical user interface. The vulnerability stems from inadequate input validation and bounds checking when processing the page argument parameter, creating an exploitable condition that allows attackers to manipulate memory layout through crafted input sequences.

The technical implementation of this vulnerability demonstrates a classic stack-based buffer overflow scenario where malicious input exceeding the allocated buffer space in memory causes arbitrary code execution or system instability. The fromVirtualSer function fails to properly validate the length and content of the page parameter before processing, enabling attackers to overwrite adjacent stack memory locations with specially crafted payloads. This type of vulnerability falls under CWE-121 which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking allows data to be written beyond allocated buffer boundaries. The remote exploitation capability means that an attacker can trigger this vulnerability without physical access to the device, making it particularly dangerous for network-connected IoT devices.

The operational impact of this vulnerability extends beyond simple denial-of-service scenarios, as successful exploitation could enable full system compromise including arbitrary code execution, privilege escalation, and potential persistence mechanisms. Attackers could leverage this vulnerability to gain unauthorized administrative access to the router, potentially compromising the entire network infrastructure that relies on the device for connectivity and security controls. This represents a significant threat to enterprise and home networks since routers often serve as primary gateways and security enforcement points in network architectures. The public disclosure of exploit code increases the likelihood of widespread exploitation across vulnerable installations, particularly given the common deployment of this firmware version in consumer and small business environments where security updates may not be regularly applied.

Mitigation strategies should prioritize immediate firmware updates from Tenda to address the identified buffer overflow condition and implement proper input validation mechanisms. Network segmentation and access control measures should be deployed to limit exposure of vulnerable devices to untrusted networks, while monitoring systems should be configured to detect anomalous traffic patterns associated with exploitation attempts. The vulnerability aligns with ATT&CK technique T1059 which covers command and scripting interpreter usage, as successful exploitation would likely involve executing malicious commands through the compromised device's interface. Organizations should also consider implementing intrusion detection systems that can identify malformed requests targeting the specific vulnerable endpoint and establish regular security assessment procedures to identify similar vulnerabilities in other network infrastructure components.

Responsible

VulDB

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!