Skip to main content

Tenda W12 CVE-2026-10189

| EUVD-2026-33511 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-31 VulDB GHSA-r38j-2xmx-6hwh
Buffer Overflow Tenda Stack Overflow
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 31, 2026 - 16:30 vuln.today
v3 (cvss_changed)
Analysis Updated
May 31, 2026 - 16:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 31, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
May 31, 2026 - 16:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 31, 2026 - 15:45 vuln.today

DescriptionCVE.org

A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows authenticated remote attackers to corrupt memory in the embedded HTTP daemon via the 'sec' parameter of the cgiSysTimeInfoSet handler. Publicly available exploit code exists for this issue, raising the practical risk for exposed management interfaces despite no public exploit identified at time of analysis in the CISA KEV catalog.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed Tenda W12 admin UI
Delivery
Obtain low-privileged web credentials
Exploit
Send crafted POST to cgiSysTimeInfoSet with oversized sec parameter
Install
Overflow stack buffer in /bin/httpd
C2
Hijack saved return address
Execute
Execute attacker-controlled payload as httpd
Impact
Persist on device and pivot into LAN
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Network reachability to the Tenda W12 administrative HTTP daemon (/bin/httpd) is required, plus a low-privileged authenticated session on the web UI (CVSS PR:L) capable of invoking the cgiSysTimeInfoSet handler that processes the time-setting 'sec' argument. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N indicates network reachability with low complexity but requires low privileges, and the E:P sub-vector reflects that proof-of-concept exploit code is available (the cgiSysTimeInfoSet_overflow.zip archive distributed via a third-party CDN). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privileged admin access (or default credentials) to a network-reachable Tenda W12 sends a crafted HTTP request to the time-configuration endpoint with an overlong 'sec' parameter, overflowing the stack buffer inside cgiSysTimeInfoSet and overwriting the saved return address to redirect execution into shellcode or a ROP chain. Because a public exploit archive (cgiSysTimeInfoSet_overflow.zip) has been published, the barrier to weaponization is low; successful exploitation yields code execution as the httpd process, typically root on these embedded devices, enabling persistent device takeover and pivoting into the wireless network.
Remediation No vendor-released patch identified at time of analysis - Tenda has not published a fixed firmware build referenced in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify and catalog all Tenda W12 devices running firmware 3.0.0.7(4763); assess whether management interfaces are exposed to untrusted networks or remote users. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p
CVE-2026-38061 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum
CVE-2026-38062 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat
CVE-2026-38063 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

Share

CVE-2026-10189 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy