Skip to main content

Tenda W12 EUVD-2026-33513

| CVE-2026-10191 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-31 VulDB GHSA-w35x-2v63-7ggc
Buffer Overflow Tenda Stack Overflow
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 31, 2026 - 16:29 vuln.today
v3 (cvss_changed)
Analysis Updated
May 31, 2026 - 16:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 31, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
May 31, 2026 - 16:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 31, 2026 - 16:15 vuln.today

DescriptionCVE.org

A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote authenticated attackers to corrupt memory in the embedded HTTP daemon by supplying an oversized wifiMacFilterSet.macList.mac parameter to the cgiWifiMacFilterSet handler in /bin/httpd. Publicly available exploit code exists, raising the practical risk of device compromise, denial of service, or potential code execution on affected access points, though no CISA KEV listing or active exploitation has been confirmed.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed W12 admin panel
Delivery
Obtain low-privilege web credentials
Exploit
Send crafted POST to cgiWifiMacFilterSet
Execution
Overflow stack buffer in /bin/httpd
Persist
Hijack control flow as root
Impact
Persist via firmware/config changes
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Attacker must reach the W12 HTTP management interface over the network and authenticate at low privilege (CVSS PR:L) to invoke the cgiWifiMacFilterSet handler in /bin/httpd with a malformed wifiMacFilterSet.macList.mac argument; no user interaction is required (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 scores this 7.4 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H, indicating network-reachable, low-complexity exploitation that requires low-level authentication and yields high confidentiality, integrity, and availability impact on the vulnerable component with no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privileged access to the W12 management interface - for example via guest admin credentials, a captured session, or default passwords on an internet-exposed device - sends a crafted HTTP POST to the cgiWifiMacFilterSet endpoint containing an oversized wifiMacFilterSet.macList.mac value, overflowing the stack buffer in /bin/httpd. Using the publicly disclosed exploit archive (cgiWifiMacFilterSet_overflow.zip) as a starting point, the attacker can crash the daemon for denial of service or, with successful return-address control, execute arbitrary code as root on the access point.
Remediation No vendor-released patch identified at time of analysis - the references include only VulDB advisory pages and an exploit archive, with no Tenda security bulletin enumerated. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Tenda W12 devices and determine which run firmware 3.0.0.7(4763); restrict network access to administrative interfaces. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p
CVE-2026-38061 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum
CVE-2026-38062 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat
CVE-2026-38063 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

Share

EUVD-2026-33513 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy