2026-07-14 12:30CVE-2026-15692VulDB
PUBLISHED5.2HardwareCWE-121CWE-119

Tenda BE12 Pro SafeUrlFilter fromSafeUrlFilter stack-based overflow

A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Problem type

Affected products

Tenda

BE12 Pro

16.03.66.23 - AFFECTED

References

GitHub Security Advisories

GHSA-cxw3-26xc-7ppc

A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the...

https://github.com/advisories/GHSA-cxw3-26xc-7ppc

A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-15692
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-15692",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-07-14T12:30:10.831Z",
    "dateReserved": "2026-07-14T04:58:11.929Z",
    "datePublished": "2026-07-14T12:30:10.831Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-07-14T12:30:10.831Z"
      },
      "title": "Tenda BE12 Pro SafeUrlFilter fromSafeUrlFilter stack-based overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "Tenda",
          "product": "BE12 Pro",
          "cpes": [
            "cpe:2.3:h:tenda:be12_pro:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "16.03.66.23",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Stack-based Buffer Overflow",
              "cweId": "CWE-121",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/378239",
          "name": "VDB-378239 | Tenda BE12 Pro SafeUrlFilter fromSafeUrlFilter stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/378239/cti",
          "name": "VDB-378239 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/cve/CVE-2026-15692",
          "name": "CVE-2026-15692 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://vuldb.com/submit/856010",
          "name": "Submit #856010 | Tenda BE12 Pro V16.03.66.23 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/cve-a/dexingzhiqing/issues/2",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.tenda.com.cn/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-07-14T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-07-14T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-07-14T07:03:30.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "dexingzhiqing (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}