A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Tenda BE12 Pro SafeUrlFilter fromSafeUrlFilter stack-based overflow
Problem type
Affected products
Tenda
16.03.66.23 - AFFECTED
References
https://vuldb.com/vuln/378239
https://vuldb.com/vuln/378239/cti
https://vuldb.com/cve/CVE-2026-15692
https://vuldb.com/submit/856010
https://github.com/cve-a/dexingzhiqing/issues/2
https://www.tenda.com.cn/
GitHub Security Advisories
GHSA-cxw3-26xc-7ppc
A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the...
https://github.com/advisories/GHSA-cxw3-26xc-7ppcA weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
https://nvd.nist.gov/vuln/detail/CVE-2026-15692
https://github.com/cve-a/dexingzhiqing/issues/2
https://vuldb.com/cve/CVE-2026-15692
https://vuldb.com/submit/856010
https://vuldb.com/vuln/378239
https://vuldb.com/vuln/378239/cti
https://www.tenda.com.cn
https://github.com/advisories/GHSA-cxw3-26xc-7ppc
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-15692Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-15692",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-07-14T12:30:10.831Z",
"dateReserved": "2026-07-14T04:58:11.929Z",
"datePublished": "2026-07-14T12:30:10.831Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-07-14T12:30:10.831Z"
},
"title": "Tenda BE12 Pro SafeUrlFilter fromSafeUrlFilter stack-based overflow",
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."
}
],
"affected": [
{
"vendor": "Tenda",
"product": "BE12 Pro",
"cpes": [
"cpe:2.3:h:tenda:be12_pro:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "16.03.66.23",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Stack-based Buffer Overflow",
"cweId": "CWE-121",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Memory Corruption",
"cweId": "CWE-119",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/378239",
"name": "VDB-378239 | Tenda BE12 Pro SafeUrlFilter fromSafeUrlFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/378239/cti",
"name": "VDB-378239 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-15692",
"name": "CVE-2026-15692 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/856010",
"name": "Submit #856010 | Tenda BE12 Pro V16.03.66.23 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/cve-a/dexingzhiqing/issues/2",
"tags": [
"exploit",
"issue-tracking"
]
},
{
"url": "https://www.tenda.com.cn/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"baseScore": 9
}
}
],
"timeline": [
{
"time": "2026-07-14T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-07-14T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-07-14T07:03:30.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "dexingzhiqing (VulDB User)",
"type": "reporter"
}
]
}
}
}