Stack-Based Buffer Overflow in Tenda BE12 Pro by Tenda Electronics
CVE-2026-15696
Key Information:
Badges
What is CVE-2026-15696?
A significant vulnerability exists in the Tenda BE12 Pro, specifically within the fromVirtualSer function of the /goform/VirtualSer component. This vulnerability allows for manipulation of the input parameters, potentially leading to a stack-based buffer overflow. As a result, attackers can execute remote exploits, posing severe risks if left unmitigated. The details about the vulnerability have been publicly disclosed, emphasizing the urgent need for users to secure their devices against potential exploitation.
Affected Version(s)
BE12 Pro 16.03.66.23
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved