Is there a public PoC exploit available for EUVD-2026-33512?

Yes, a public proof-of-concept exploit is available for EUVD-2026-33512. Prioritise patching immediately. EPSS: 0.1%.

Tenda W12 EUVD-2026-33512

Q: What is the CVSS score of EUVD-2026-33512?

EUVD-2026-33512 has a CVSS 4.0 base score of 5.7 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-10190 MEDIUM

Improper Resource Shutdown or Release (CWE-404)

2026-05-31 VulDB

GHSA-hgcw-qw4m-rwrh

Denial Of Service Tenda

5.7

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.7 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 31, 2026 - 16:22 NVD

6.5 (MEDIUM) 5.7 (MEDIUM)

Analysis Generated

May 31, 2026 - 16:15 vuln.today

DescriptionCVE.org

A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.

AnalysisAI

Denial of service in Tenda W12 firmware 3.0.0.7(4763) allows a low-privileged remote attacker to crash the web management daemon by sending a crafted value for the 'web_over_time' argument to the cgiSysWebTimeoutSet handler in /bin/httpd. The availability impact is rated High (A:H), meaning successful exploitation renders the router's management interface - and potentially the device itself - unresponsive. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify Tenda W12 web interface

Delivery

Authenticate with low-privilege credentials

Exploit

Send crafted request to cgiSysWebTimeoutSet

Install

Supply malformed web_over_time argument

Trigger improper resource release in httpd

Execute

Crash web management daemon

Impact

Router management unavailable

Recon

Identify Tenda W12 web interface

Delivery

Authenticate with low-privilege credentials

Exploit

Send crafted request to cgiSysWebTimeoutSet

Install

Supply malformed web_over_time argument

Trigger improper resource release in httpd

Execute

Crash web management daemon

Impact

Router management unavailable

Vulnerability AssessmentAI

Exploitation	Low-privilege authentication to the Tenda W12 Web Management Interface is required, as confirmed by CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 base score of 6.5 reflects network-reachable (AV:N), low-complexity (AC:L), low-privilege (PR:L) exploitation with high availability impact and no confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker authenticated to the Tenda W12 web management interface with low-privilege credentials - potentially obtained via default or guessed credentials - sends a crafted HTTP POST or GET request to the cgiSysWebTimeoutSet endpoint with a malformed or oversized 'web_over_time' parameter value. The /bin/httpd process fails to properly handle or release the associated resource, causing it to crash or hang. …
Remediation	No vendor-released patch has been identified at time of analysis; the Tenda product page (https://www.tenda.com.cn/) does not list a remediated firmware version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p

CVE-2026-38061 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum

CVE-2026-38062 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat

CVE-2026-38063 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

EUVD-2026-33512 vulnerability details – vuln.today

Back

Tenda W12 EUVD-2026-33512

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

More from same product – last 7 days

Share

External POC / Exploit Code