CVE-2026-15695
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListCli
CVSS
8.8
High
EPSS
0.8%
p52
KEV
—
Exploit Today
16
0-100
Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-119 · CWE-121
0.8%EPSS · 30 days0.8%
2026-07-152026-07-16
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-312778.8 HIG71.0%
KEV—71Apple Multiple Products Buffer Overflow Vulnerability3dCVE-2005-445910.0 NO 96.2%
——29Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.10dCVE-2025-510878.6 HIG94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.13dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.13dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.13dCVE-2025-606908.8 HIG89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.13d